ElfFileBbElfChnkx *jMu=VysMc&&**  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ! F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=33110b96-e41c-4bab-a3c2-91275f8ea8eb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **O ]Ɋ& '!XO F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**O ]Ɋ& ?!XO F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**O ]Ɋ& ;!XO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**O ]Ɋ& 3!XO F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**O ]Ɋ& 3!XO F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ica**O ]Ɋ& 5!XO F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0O ]Ɋ& !O F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=564335c5-3dde-43f5-99bb-c4c8c77cb342 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=564335c5-3dde-43f5-99bb-c4c8c77cb342 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**&d3 ]Ɋ& )!X&d3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**&d3 ]Ɋ& A!X&d3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-wid**&d3 ]Ɋ& =!X&d3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**&d3 ]Ɋ& 5!X&d3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **&d3 ]Ɋ& 5!X&d3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==4**&d3 ]Ɋ& 7!X&d3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0&d3 ]Ɋ& !&d3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=93409a62-bc84-4f69-8710-c310239e928c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@od3 ]Ɋ& !od3 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=93409a62-bc84-4f69-8710-c310239e928c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xod3 ]Ɋ& !Xod3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pod3 ]Ɋ& !Xod3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hod3 ]Ɋ& !Xod3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`od3 ]Ɋ& !Xod3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`od3 ]Ɋ& !Xod3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**hod3 ]Ɋ& !Xod3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineSh**od3 ]Ɋ&  !od3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e90afcf-8374-4768-a0cc-a258ee80c474 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ped **od3 ]Ɋ& !od3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e90afcf-8374-4768-a0cc-a258ee80c474 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt**8Xe3 ]Ɋ& !XXe3 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nm8**PXe3 ]Ɋ& !XXe3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idP**PXe3 ]Ɋ& !XXe3 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tartP**HXe3 ]Ɋ& !XXe3 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ReH**HXe3 ]Ɋ& !XXe3 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**HXe3 ]Ɋ& !XXe3 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Xe3 ]Ɋ& !Xe3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cad82fe5-7116-4fe7-bb0f-edd135c7ee64 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!**Xe3 ]Ɋ& !Xe3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cad82fe5-7116-4fe7-bb0f-edd135c7ee64 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XXe3 ]Ɋ& !XXe3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaX**pXe3 ]Ɋ& !XXe3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**hXe3 ]Ɋ& !XXe3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`Xe3 ]Ɋ& !XXe3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`Xe3 ]Ɋ& !XXe3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=`**`Xe3 ]Ɋ& !XXe3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**Xe3 ]Ɋ& !Xe3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=92544816-a505-4907-b058-ec6d301ceb82 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xe3 ]Ɋ& !Xe3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=92544816-a505-4907-b058-ec6d301ceb82 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **(e3 ]Ɋ& !Xe3 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4(**@e3 ]Ɋ& !Xe3 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a@**@e3 ]Ɋ& !Xe3 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin@**8e3 ]Ɋ& !Xe3 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8e3 ]Ɋ& !Xe3 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=^8**8e3 ]Ɋ& !Xe3 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== 8**e3 ]Ɋ& !e3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=62869331-8bb0-46ac-884f-95578bacd71e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge**2f3 ]Ɋ& !2f3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=62869331-8bb0-46ac-884f-95578bacd71e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te';**X_g3 ]Ɋ& !X_g3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p_g3 ]Ɋ& !X_g3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX_g3 F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X+ F&XElfChnk$]n .Mu=VysMc&&**p _g3 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! S!X_g3 F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p **h_g3 ]Ɋ& !X_g3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h_g3 ]Ɋ& !X_g3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h_g3 ]Ɋ& !X_g3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tah**_g3 ]Ɋ&  !_g3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3f93107e-1681-452d-bdb0-b55ac7052bdf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=02**Rh3 ]Ɋ& !Rh3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3f93107e-1681-452d-bdb0-b55ac7052bdf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,De**h3 ]Ɋ& '!Xh3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**h3 ]Ɋ& ?!Xh3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**h3 ]Ɋ& ;!Xh3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hel**h3 ]Ɋ& 3!Xh3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**h3 ]Ɋ& 3!Xh3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll **h3 ]Ɋ& 5!Xh3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0h3 ]Ɋ& !h3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7b9eb4c1-971e-414b-bd49-b53779e89653 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng0**@#i3 ]Ɋ& !#i3 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7b9eb4c1-971e-414b-bd49-b53779e89653 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@***g ]Ɋ& )!X*g F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=***g ]Ɋ& A!X*g F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== ***g ]Ɋ& =!X*g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er***g ]Ɋ& 5!X*g F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl***g ]Ɋ& 5!X*g F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e ***g ]Ɋ& 7!X*g F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2**0*g ]Ɋ& !*g F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03cd78fe-b37e-49b2-9acd-52cc70ad6640 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=40**@.g ]Ɋ& !.g F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03cd78fe-b37e-49b2-9acd-52cc70ad6640 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila@**XWǫg ]Ɋ& !XWǫg F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProX**pWǫg ]Ɋ& !XWǫg F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt p**hWǫg ]Ɋ& !XWǫg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sh**`Wǫg ]Ɋ& !XWǫg F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d`**`Wǫg ]Ɋ& !XWǫg F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c`**hWǫg ]Ɋ& !XWǫg F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**Wǫg ]Ɋ&  !Wǫg F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=17f102de-9c6b-420e-a7c3-b3f7f118175f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aa40**Wǫg ]Ɋ& !Wǫg F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=17f102de-9c6b-420e-a7c3-b3f7f118175f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ae**8g ]Ɋ& !Xg F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si8**Pg ]Ɋ& !Xg F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leP**Pg ]Ɋ& !Xg F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HoP**Hg ]Ɋ& !Xg F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eNumH**Hg ]Ɋ& !Xg F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**Hg ]Ɋ& !Xg F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ateH**g ]Ɋ& !g F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77ae2408-eac7-4459-bcc4-2e80019c8c8e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber**g ]Ɋ& !g F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77ae2408-eac7-4459-bcc4-2e80019c8c8e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XH®g ]Ɋ& !XH®g F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNamX**pH®g ]Ɋ& !XH®g F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hH®g ]Ɋ& !XH®g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**`H®g ]Ɋ& !XH®g F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=('`**`H®g ]Ɋ& !XH®g F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ti`**`H®g ]Ɋ& !XH®g F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1`**H®g ]Ɋ& !H®g F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fabdd3f-d461-4e3b-8497-c00f021a1d06 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**H®g ]Ɋ& !H®g F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fabdd3f-d461-4e3b-8497-c00f021a1d06 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**(ug ]Ɋ& !Xug F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@ug ]Ɋ& !Xug F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@ug ]Ɋ& !Xug F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ace@**8ug ]Ɋ& !Xug F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=es[8nstalldate'] ]Ɋ& etXug F&imatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX_g3 F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X+ F&XElfChnk"" A ߝMu=VysMc&&**8 ug ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xug F&F%g>9{p(xlMD EventDatauoData !BinaryhRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8ug ]Ɋ& !Xug F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=In8**ug ]Ɋ& !ug F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=174d6b11-5f27-4a06-ad62-3ad1d932f26c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=WA** g ]Ɋ& ! g F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=174d6b11-5f27-4a06-ad62-3ad1d932f26c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=po**Xdg ]Ɋ& !Xdg F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**pdg ]Ɋ& !Xdg F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**pdg ]Ɋ& !Xdg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**hdg ]Ɋ& !Xdg F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**hdg ]Ɋ& !Xdg F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNh**hdg ]Ɋ& !Xdg F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dBh**dg ]Ɋ&  !dg F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a60a3642-4cd3-4365-93e2-414b292c94aa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**g ]Ɋ& !g F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a60a3642-4cd3-4365-93e2-414b292c94aa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gine**Eg ]Ɋ& '!XEg F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**Eg ]Ɋ& ?!XEg F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**Eg ]Ɋ& ;!XEg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Eg ]Ɋ& 3!XEg F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsh**Eg ]Ɋ& 3!XEg F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Eg ]Ɋ& 5!XEg F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=re**0Eg ]Ɋ& !Eg F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8da1bc57-5561-4646-ae91-44962e19dd9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@۞g ]Ɋ& !۞g F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8da1bc57-5561-4646-ae91-44962e19dd9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se@**) ]Ɋ& )!X) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=50b-**) ]Ɋ& A!X) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=C**) ]Ɋ& =!X) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **) ]Ɋ& 5!X) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ) ]Ɋ& 5!X)  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wǫ** ) ]Ɋ& 7!X)  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**0 ) ]Ɋ& !)  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a92b6dbf-6c10-4709-9ec1-c536e47c1872 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@ VΞ ]Ɋ& !VΞ  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a92b6dbf-6c10-4709-9ec1-c536e47c1872 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e |@**X \ ]Ɋ& !X\  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pdaX**p\ ]Ɋ& !X\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nEnp**h\ ]Ɋ& !X\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th**`\ ]Ɋ& !X\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`\ ]Ɋ& !X\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h\ ]Ɋ& !X\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ruh**\ ]Ɋ&  !\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=13af9536-fb30-4600-b20b-09ea08f255d3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pipe**\ ]Ɋ& !\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=13af9536-fb30-4600-b20b-09ea08f255d3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**8d ]Ɋ& !Xd F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**Pd ]Ɋ& !Xd F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=unP**Pd ]Ɋ& !Xd F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gineP**Hd ]Ɋ& !Xd F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 65H**Hd ]Ɋ& !Xd F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StriH**Hd ]Ɋ& !Xd F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oluH**d ]Ɋ& !d F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=83210c2d-0ca1-492f-a8d1-55a4090c1ee0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=553**d ]Ɋ& !d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=83210c2d-0ca1-492f-a8d1-55a4090c1ee0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arseX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eqh**`  ]Ɋ& !X  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`! ]Ɋ& !X! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri`**`" ]Ɋ& !X" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`ElfChnk#S#S`h-IMu=VysMc&&**# ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !# F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5896de41-bd09-4f33-9b7b-3e596b44afb5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**$ ]Ɋ& !$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5896de41-bd09-4f33-9b7b-3e596b44afb5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 **(%& ]Ɋ& !X&% F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@&& ]Ɋ& !X&& F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@'& ]Ɋ& !X&' F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | @**8(& ]Ɋ& !X&( F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Se8**8)& ]Ɋ& !X&) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS8**8*& ]Ɋ& !X&* F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H8**+& ]Ɋ& !&+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2b41c17e-1c0f-40fa-a429-742b1f9141ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si**,( ]Ɋ& !(, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2b41c17e-1c0f-40fa-a429-742b1f9141ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obal**X-U ]Ɋ& !XU- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p.U ]Ɋ& !XU. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.p**p/U ]Ɋ& !XU/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e.pp**h0U ]Ɋ& !XU0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n.Ch**h1U ]Ɋ& !XU1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=655h**h2U ]Ɋ& !XU2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pah**3U ]Ɋ&  !U3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48831af5-18eb-4b44-a548-f8c01d89dc23 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4눩 ]Ɋ& !눩4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48831af5-18eb-4b44-a548-f8c01d89dc23 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**5 ]Ɋ& '!X5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**6 ]Ɋ& ?!X6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**7 ]Ɋ& ;!X7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8 ]Ɋ& 3!X8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ati**9 ]Ɋ& 3!X9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**: ]Ɋ& 5!X: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**0; ]Ɋ& !; F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=36589753-edde-4390-a52a-b87cea45446a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@<E뫯 ]Ɋ& !E뫯< F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=36589753-edde-4390-a52a-b87cea45446a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stri@**= ]Ɋ& )!X= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tanc**> ]Ɋ& A!X> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6-4e**? ]Ɋ& =!X? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **@ ]Ɋ& 5!X@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**A ]Ɋ& 5!XA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**B ]Ɋ& 7!XB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0C ]Ɋ& !C F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9f94df0e-549f-4960-99c9-c06ff53c5b60 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m0**@D# ]Ɋ& !#D F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9f94df0e-549f-4960-99c9-c06ff53c5b60 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P@**XE# ]Ɋ& !X#E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0X**pF# ]Ɋ& !X#F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=inep**hG# ]Ɋ& !X#G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Rh**`H# ]Ɋ& !X#H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`I# ]Ɋ& !X#I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I`**hJ# ]Ɋ& !X#J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nameh**K ]Ɋ&  !K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1489396d-e1ef-4598-8aee-305b3f9f42dd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand**L ]Ɋ& !L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1489396d-e1ef-4598-8aee-305b3f9f42dd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8M ]Ɋ& !XM F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sc8**PN ]Ɋ& !XN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**PO ]Ɋ& !XO F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== P**HP ]Ɋ& !XP F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eId=H**HQ ]Ɋ& !XQ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d= H**HR ]Ɋ& !XR F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RH**S ]Ɋ& !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27fa4741-3dcc-488e-8358-f29ae945b7e6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= mmandName=  ]Ɋ& CommandPath= CommElfChnkTTHMu=VysMc&&**T ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !T F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27fa4741-3dcc-488e-8358-f29ae945b7e6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**XU ]Ɋ& !XU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**pV ]Ɋ& !XV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**hW ]Ɋ& !XW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`X ]Ɋ& !XX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`Y ]Ɋ& !XY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`Z ]Ɋ& !XZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**[ ]Ɋ& ![ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1056b3e4-5f47-463a-b2e4-40ab8842b27f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**\PK ]Ɋ& !PK\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1056b3e4-5f47-463a-b2e4-40ab8842b27f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(]PK ]Ɋ& !XPK] F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1(**@^PK ]Ɋ& !XPK^ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@_PK ]Ɋ& !XPK_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8`PK ]Ɋ& !XPK` F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8aPK ]Ɋ& !XPKa F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8bPK ]Ɋ& !XPKb F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**cPK ]Ɋ& !PKc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c4dd8186-43ca-4d03-a5c0-62555ea1522c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **d ]Ɋ& !d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c4dd8186-43ca-4d03-a5c0-62555ea1522c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**Xe ]Ɋ& !Xe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pf ]Ɋ& !Xf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pg ]Ɋ& !Xg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**hh ]Ɋ& !Xh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**hi ]Ɋ& !Xi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**hj ]Ɋ& !Xj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**k ]Ɋ&  !k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=de30b605-a7c2-4d46-a9ec-4fd60ac56bee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**l ]Ɋ& !l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=de30b605-a7c2-4d46-a9ec-4fd60ac56bee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**m ]Ɋ& '!Xm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **n ]Ɋ& ?!Xn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**o ]Ɋ& ;!Xo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**p ]Ɋ& 3!Xp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **q ]Ɋ& 3!Xq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**r ]Ɋ& 5!Xr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0s ]Ɋ& !s F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f0c4964a-5369-4687-85e0-ded5a7d1bb55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@t ]Ɋ& !t F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f0c4964a-5369-4687-85e0-ded5a7d1bb55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-c06@**uI}\ ]Ɋ& )!XI}\u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**vI}\ ]Ɋ& A!XI}\v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**wI}\ ]Ɋ& =!XI}\w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=12**xI}\ ]Ɋ& 5!XI}\x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**yI}\ ]Ɋ& 5!XI}\y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**zI}\ ]Ɋ& 7!XI}\z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=#**0{\ ]Ɋ& !\{ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=769b8d65-c160-45d1-8623-f4e0eef3314c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@|v\ ]Ɋ& !v\| F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=769b8d65-c160-45d1-8623-f4e0eef3314c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**X} G\ ]Ɋ& !X G\} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**p~ G\ ]Ɋ& !X G\~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h G\ ]Ɋ& !X G\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**` G\ ]Ɋ& !X G\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**` G\ ]Ɋ& !X G\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**h G\ ]Ɋ& !X G\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Rh** G\ ]Ɋ&  ! G\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=53162ed1-a291-4ffb-90f0-10d0630b9031 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=! ]Ɋ& at G\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=53162ed1-a291-4ffb-90f0-10d0630b9031 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk@[!ݯTL7Mu=VysMc&&** G\ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ! G\ F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=53162ed1-a291-4ffb-90f0-10d0630b9031 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8 G\ ]Ɋ& !X G\ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=om8**P G\ ]Ɋ& !X G\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**P G\ ]Ɋ& !X G\ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaP**H G\ ]Ɋ& !X G\ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iptNH**H G\ ]Ɋ& !X G\ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTypH**H G\ ]Ɋ& !X G\ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H** G\ ]Ɋ& ! G\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c059641-dc8c-4487-b246-046e458f19fe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** G\ ]Ɋ& ! G\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c059641-dc8c-4487-b246-046e458f19fe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X\ ]Ɋ& !X\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulX**p\ ]Ɋ& !X\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={ [p**h\ ]Ɋ& !X\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=54h**`\ ]Ɋ& !X\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rS`**`\ ]Ɋ& !X\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`\ ]Ɋ& !X\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**\ ]Ɋ& !\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6cf37dc5-e8de-4e15-aedc-b45d920cbca4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-**\ ]Ɋ& !\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6cf37dc5-e8de-4e15-aedc-b45d920cbca4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ure**(\ ]Ɋ& !X\ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v(**@\ ]Ɋ& !X\ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=K@**@\ ]Ɋ& !X\ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=@**8\ ]Ɋ& !X\ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F8**8\ ]Ɋ& !X\ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam8**8\ ]Ɋ& !X\ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Gl8**\ ]Ɋ& !\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cdf7c4c0-3bb1-4039-9c43-2018a87f1826 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**\ ]Ɋ& !\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cdf7c4c0-3bb1-4039-9c43-2018a87f1826 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tall**X\ ]Ɋ& !X\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\X**p\ ]Ɋ& !X\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\p**p\ ]Ɋ& !X\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=help**h\ ]Ɋ& !X\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ct h**h\ ]Ɋ& !X\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n';h**h\ ]Ɋ& !X\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=([h**\ ]Ɋ&  !\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5404a976-949d-4090-8f6b-5f01c67a866a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta**G\ ]Ɋ& !G\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5404a976-949d-4090-8f6b-5f01c67a866a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omma**t\ ]Ɋ& '!Xt\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**t\ ]Ɋ& ?!Xt\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**t\ ]Ɋ& ;!Xt\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt **t\ ]Ɋ& 3!Xt\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=**t\ ]Ɋ& 3!Xt\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**t\ ]Ɋ& 5!Xt\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0t\ ]Ɋ& !t\ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b7481d81-d9fd-485c-b5ea-584ed602e5d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@ i\ ]Ɋ& ! i\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b7481d81-d9fd-485c-b5ea-584ed602e5d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w@**e® ]Ɋ& )!Xe® F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nter**e® ]Ɋ& A!Xe® F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lica**e® ]Ɋ& =!Xe® F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**e® ]Ɋ& 5!Xe® F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**e® ]Ɋ& 5!Xe® F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Va**e® ]Ɋ& 7!Xe® F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0e® ]Ɋ& !e® F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03b9b72e-841e-4119-938a-e23c727aea7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@Z ]Ɋ& !Z F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03b9b72e-841e-4119-938a-e23c727aea7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=063@9031 Pipel ]Ɋ& meX F&e=ElfChnkH975޼qMu=VysMc&&**X ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ;!X F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d7b05d6-ee84-4562-9c95-e85f5e989797 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d7b05d6-ee84-4562-9c95-e85f5e989797 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8U ]Ɋ& !XU F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PU ]Ɋ& !XU F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PU ]Ɋ& !XU F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HU ]Ɋ& !XU F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HU ]Ɋ& !XU F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=H**HU ]Ɋ& !XU F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**U ]Ɋ& !U F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=024debce-6c3f-4698-b753-368410998e7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=֘**U ]Ɋ& !U F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=024debce-6c3f-4698-b753-368410998e7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**` ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=29708286-efe9-42ab-b78c-f37b65b7f814 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=29708286-efe9-42ab-b78c-f37b65b7f814 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==338**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6d94b3e3-f088-44fc-b3b2-000369e247a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**F ]Ɋ& !F F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6d94b3e3-f088-44fc-b3b2-000369e247a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2caba181-dcbd-438a-adb7-620e7bf0e789 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**' ]Ɋ& !' F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2caba181-dcbd-438a-adb7-620e7bf0e789 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **T߻ ]Ɋ& '!XT߻ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**T߻ ]Ɋ& ?!XT߻ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**T߻ ]Ɋ& ;!XT߻ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**T߻ ]Ɋ& 3!XT߻ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**T߻ ]Ɋ& 3!XT߻ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**T߻ ]Ɋ& 5!XT߻ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0T߻ ]Ɋ& !T߻ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=386a810d-48b6-4e70-a34b-57107e1fd236 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@w ]Ɋ& !w F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=386a810d-48b6-4e70-a34b-57107e1fd236 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d @pelineId=  ]Ɋ& maXg F&9031 Pipel ]Ɋ& meX F&e=ElfChnkhPz LMu=VysMc&&**g ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xg F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**g ]Ɋ& A!Xg F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**g ]Ɋ& =!Xg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**g ]Ɋ& 5!Xg F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **g ]Ɋ& 5!Xg F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9f**g ]Ɋ& 7!Xg F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c**0g ]Ɋ& !g F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b2c0f8c-0d1d-4ae8-a41d-69b81bb60db8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@ ]Ɋ& ! F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b2c0f8c-0d1d-4ae8-a41d-69b81bb60db8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F@**X$ ]Ɋ& !X$ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p$ ]Ɋ& !X$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!p**h$ ]Ɋ& !X$ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`$ ]Ɋ& !X$ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`$ ]Ɋ& !X$ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h$ ]Ɋ& !X$ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tarth**$ ]Ɋ&  !$ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1d877d6f-4179-441d-bf01-29d2f5a9e75a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **$ ]Ɋ& !$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1d877d6f-4179-441d-bf01-29d2f5a9e75a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mb**8* ]Ɋ& !X* F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne8**P* ]Ɋ& !X* F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=P**P* ]Ɋ& !X* F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtedP**H* ]Ɋ& !X* F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FuH**H* ]Ɋ& !X* F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**H* ]Ɋ& !X* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**U ]Ɋ& !U F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e4b3b987-9f8f-444d-b2b4-7bce4721ffd4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**U ]Ɋ& !U F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e4b3b987-9f8f-444d-b2b4-7bce4721ffd4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XW ]Ɋ& !XW F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pW ]Ɋ& !XW F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe= p**hW ]Ɋ& !XW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`W ]Ɋ& !XW F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt`**`W ]Ɋ& !XW F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`W ]Ɋ& !XW F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**W ]Ɋ& !W F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b271e746-acd5-4410-adf3-92da97826a5c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **W ]Ɋ& !W F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b271e746-acd5-4410-adf3-92da97826a5c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o('@**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayV8**8  ]Ɋ& !X  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8  ]Ɋ& !X  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um8**  ]Ɋ& !  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0810aa8a-60aa-4462-845d-85a8c71bea56 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** P ]Ɋ& !P  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0810aa8a-60aa-4462-845d-85a8c71bea56 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= **X 8 ]Ɋ& !X8  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rX**p8 ]Ɋ& !X8 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**p8 ]Ɋ& !X8 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=181p**h8 ]Ɋ& !X8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**h8 ]Ɋ& !X8 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h8 ]Ɋ& !X8 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**8 ]Ɋ&  !8 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=17f292e4-1b54-4929-b772-473b2e50f41a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=17f292e4-1b54-4929-b772-473b2e50f41a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hell** ]Ɋ& '!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p** ]Ɋ& ?!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4f-b672-aa7d ]Ɋ& reX F&ame . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=386a810d-48b6-4e70-a34b-57107e1fd236 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d @pelineId=  ]Ɋ& maXg F&9031 Pipel ]Ɋ& meX F&e=ElfChnkII@2kTMu=VysMc&&**  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9a5** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b09e6bef-fbc2-4939-9694-e685cb40451e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@)ߚ ]Ɋ& !)ߚ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b09e6bef-fbc2-4939-9694-e685cb40451e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com@** ]Ɋ& )!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== ** ]Ɋ& A!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tSta** ]Ɋ& =!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**  ]Ɋ& 5!X  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**! ]Ɋ& 5!X! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ve**" ]Ɋ& 7!X" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**0# ]Ɋ& !# F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7f77ce6-4955-42b5-b616-6a1586a092d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@$+N ]Ɋ& !+N$ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7f77ce6-4955-42b5-b616-6a1586a092d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**X% ]Ɋ& !X% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p& ]Ɋ& !X& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h' ]Ɋ& !X' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`( ]Ɋ& !X( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`) ]Ɋ& !X) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h* ]Ɋ& !X* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ailah**+ ]Ɋ&  !+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=411149a8-738b-4717-9182-943c57658161 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= New**, ]Ɋ& !, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=411149a8-738b-4717-9182-943c57658161 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne**8-X ]Ɋ& !XX- F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P8**P.X ]Ɋ& !XX. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=SyP**P/X ]Ɋ& !XX/ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**H0X ]Ɋ& !XX0 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H1X ]Ɋ& !XX1 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=XH**H2X ]Ɋ& !XX2 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**3X ]Ɋ& !X3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3b4d8889-38a9-4c85-9a91-35bafaeac1c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4X ]Ɋ& !X4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3b4d8889-38a9-4c85-9a91-35bafaeac1c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X5 ]Ɋ& !X5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p6 ]Ɋ& !X6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**h7 ]Ɋ& !X7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arh**`8 ]Ɋ& !X8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=70`**`9 ]Ɋ& !X9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed`**`: ]Ɋ& !X: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**; ]Ɋ& !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=334248d9-f373-4238-82ac-0692d6039f6d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**< ]Ɋ& !< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=334248d9-f373-4238-82ac-0692d6039f6d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=462**(=I ]Ɋ& !XI= F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@>I ]Ɋ& !XI> F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='@**@?I ]Ɋ& !XI? F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ows@**8@I ]Ɋ& !XI@ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nso8**8AI ]Ɋ& !XIA F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8BI ]Ɋ& !XIB F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pa8**CI ]Ɋ& !IC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=77ec893e-062c-4d53-aa9d-8a0d7b2d2daf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**DHz ]Ɋ& !HzD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=77ec893e-062c-4d53-aa9d-8a0d7b2d2daf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sher**XEu ]Ɋ& !XuE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pFu ]Ɋ& !XuF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**pGu ]Ɋ& !XuG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insp**hHu ]Ɋ& !XuH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edoh**hIu ]Ɋ& !XuI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= hɊ& ]Ɋ& XuJ F&]Ɋ& meX F&e=ElfChnkJ|J|H6BMu=VysMc&&**p Ju ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!XuJ F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Xp **Ku ]Ɋ&  !uK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e194fdee-2a1f-4a1e-9a87-587909a5860e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc**L D ]Ɋ& ! DL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e194fdee-2a1f-4a1e-9a87-587909a5860e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=atio**Mܕ ]Ɋ& '!XܕM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=A**Nܕ ]Ɋ& ?!XܕN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Oܕ ]Ɋ& ;!XܕO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost**Pܕ ]Ɋ& 3!XܕP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**Qܕ ]Ɋ& 3!XܕQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t **Rܕ ]Ɋ& 5!XܕR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0Sܕ ]Ɋ& !ܕS F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5646fe52-e89d-4a05-a9b7-ec1e26992634 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1c0**@T9u ]Ɋ& !9uT F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5646fe52-e89d-4a05-a9b7-ec1e26992634 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**U ]Ɋ& )!XU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**V ]Ɋ& A!XV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**W ]Ɋ& =!XW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la**X ]Ɋ& 5!XX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**Y ]Ɋ& 5!XY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**Z ]Ɋ& 7!XZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**0[ ]Ɋ& ![ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ca6588cc-1fb8-4998-b707-c3b3aad2f4a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b0**@\ ]Ɋ& !\ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ca6588cc-1fb8-4998-b707-c3b3aad2f4a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X]r~ ]Ɋ& !Xr~] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p^r~ ]Ɋ& !Xr~^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h_r~ ]Ɋ& !Xr~_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**``r~ ]Ɋ& !Xr~` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X`**`ar~ ]Ɋ& !Xr~a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hbr~ ]Ɋ& !Xr~b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Vah**cr~ ]Ɋ&  !r~c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=99324e1d-61a7-4e48-989f-ef9fd25c3648 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineS**dr~ ]Ɋ& !r~d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=99324e1d-61a7-4e48-989f-ef9fd25c3648 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8er~ ]Ɋ& !Xr~e F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=am8**Pfr~ ]Ɋ& !Xr~f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PP**Pgr~ ]Ɋ& !Xr~g F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSyP**Hhr~ ]Ɋ& !Xr~h F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**Hir~ ]Ɋ& !Xr~i F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hjr~ ]Ɋ& !Xr~j F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**kr~ ]Ɋ& !r~k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea89f2b0-a0da-4f42-8297-44996b9fb4a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**lr~ ]Ɋ& !r~l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea89f2b0-a0da-4f42-8297-44996b9fb4a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xm  ]Ɋ& !X m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pn  ]Ɋ& !X n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**ho  ]Ɋ& !X o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`p  ]Ɋ& !X p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ps`**`q  ]Ɋ& !X q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`r  ]Ɋ& !X r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q`**s  ]Ɋ& ! s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f14474b-9f30-45d1-bb16-03d3687eac79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**t  ]Ɋ& ! t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f14474b-9f30-45d1-bb16-03d3687eac79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(u  ]Ɋ& !X u F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@v  ]Ɋ& !X v F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S@**@w  ]Ɋ& !X w F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=etC@**8x  ]Ɋ& !X x F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNa8**8y  ]Ɋ& !X y F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8z  ]Ɋ& !X z F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**{  ]Ɋ& ! { F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=889733ff-a871-4f9b-afa6-e6cd2ce9c4e4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**| ]Ɋ& !| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=889733ff-a871-4f9b-afa6-e6cd2ce9c4e4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== riptName=  ]Ɋ& X} F&XuJ F&]Ɋ& meX F&e=ElfChnk}}H"/eR Mu=VysMc&&**` } ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ?!X} F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne` **p~ ]Ɋ& !X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pelp**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=54ce028c-df5c-427f-bb75-561001ca0c83 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**cy ]Ɋ& !cy F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=54ce028c-df5c-427f-bb75-561001ca0c83 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**cy ]Ɋ& '!Xcy F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**cy ]Ɋ& ?!Xcy F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**cy ]Ɋ& ;!Xcy F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e-9**cy ]Ɋ& 3!Xcy F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=W**cy ]Ɋ& 3!Xcy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9e7**cy ]Ɋ& 5!Xcy F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**0cy ]Ɋ& !cy F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=10cae6a5-f4b1-4ba8-8172-bd2ac6ba0402 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ir0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=10cae6a5-f4b1-4ba8-8172-bd2ac6ba0402 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**dJp ]Ɋ& )!XdJp F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**dJp ]Ɋ& A!XdJp F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **dJp ]Ɋ& =!XdJp F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uc**dJp ]Ɋ& 5!XdJp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cu**dJp ]Ɋ& 5!XdJp F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **dJp ]Ɋ& 7!XdJp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0dJp ]Ɋ& !dJp F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c8285cb4-75e9-407e-84ec-4e0c36f25b12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r0**@p ]Ɋ& !p F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c8285cb4-75e9-407e-84ec-4e0c36f25b12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi@**X{p ]Ɋ& !X{p F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rX**p{p ]Ɋ& !X{p F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Enp**h{p ]Ɋ& !X{p F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`{p ]Ɋ& !X{p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v`**`{p ]Ɋ& !X{p F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g`**h{p ]Ɋ& !X{p F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovih**{p ]Ɋ&  !{p F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bad0d3fd-9c50-4deb-b220-391cfb149393 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**{p ]Ɋ& !{p F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bad0d3fd-9c50-4deb-b220-391cfb149393 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os**8{p ]Ɋ& !X{p F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eN8**P{p ]Ɋ& !X{p F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtP**P{p ]Ɋ& !X{p F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=roviP**H{p ]Ɋ& !X{p F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ctioH**H{p ]Ɋ& !X{p F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iderH**H{p ]Ɋ& !X{p F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artH**{p ]Ɋ& !{p F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ee8d13e4-ebfa-407b-9ab9-17a5795fe794 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **{p ]Ɋ& !{p F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ee8d13e4-ebfa-407b-9ab9-17a5795fe794 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**X'p ]Ɋ& !X'p F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uX**p'p ]Ɋ& !X'p F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommap**h'p ]Ɋ& !X'p F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**`'p ]Ɋ& !X'p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m.`**`'p ]Ɋ& !X'p F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`'p ]Ɋ& !X'p F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**'p ]Ɋ& !'p F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8503931d-8d54-4e1c-9375-61da1f0a658f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**'p ]Ɋ& !'p F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8503931d-8d54-4e1c-9375-61da1f0a658f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**('p ]Ɋ& !X'p F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@'p ]Ɋ& !X'p F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @riptName=  ]Ɋ& X'p F&XuJ F&]Ɋ& meX F&e=ElfChnkPp6PMu=VysMc&&**@ 'p ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!X'p F&F%g>9{p(xlMD EventDatauoData !BinarypFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@ **8'p ]Ɋ& !X'p F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=llD8**8'p ]Ɋ& !X'p F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8'p ]Ɋ& !X'p F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**'p ]Ɋ& !'p F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=52e20cf1-a387-48d1-bb8c-b7b11293c0f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Re**p ]Ɋ& !p F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=52e20cf1-a387-48d1-bb8c-b7b11293c0f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**Xp ]Ɋ& !Xp F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nX**pp ]Ɋ& !Xp F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pp ]Ɋ& !Xp F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pp**hp ]Ɋ& !Xp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ch**hp ]Ɋ& !Xp F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hp ]Ɋ& !Xp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**p ]Ɋ&  !p F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91004998-56ea-4631-b566-ed72d25f61a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**vp ]Ɋ& !vp F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91004998-56ea-4631-b566-ed72d25f61a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ix -**vp ]Ɋ& '!Xvp F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**vp ]Ɋ& ?!Xvp F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**vp ]Ɋ& ;!Xvp F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-49**vp ]Ɋ& 3!Xvp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****vp ]Ɋ& 3!Xvp F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=95a**vp ]Ɋ& 5!Xvp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0vp ]Ɋ& !vp F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c319b108-ae23-4094-ba83-da3aae42b2cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne0**@p ]Ɋ& !p F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c319b108-ae23-4094-ba83-da3aae42b2cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**-  ]Ɋ& )!X-  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**-  ]Ɋ& A!X-  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId**-  ]Ɋ& =!X-  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**-  ]Ɋ& 5!X-  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/**-  ]Ɋ& 5!X-  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=90**-  ]Ɋ& 7!X-  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**0E  ]Ɋ& !E  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=791730d1-5365-41da-bf3e-2b41bc449b97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@^  ]Ɋ& !^  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=791730d1-5365-41da-bf3e-2b41bc449b97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=New@**Xc ]Ɋ& !Xc F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pc ]Ɋ& !Xc F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hc ]Ɋ& !Xc F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mh**`c ]Ɋ& !Xc F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`c ]Ɋ& !Xc F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**hc ]Ɋ& !Xc F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPh**c ]Ɋ&  !c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6b6c8154-5513-4238-9f0a-499e8ba682c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**c ]Ɋ& !c F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6b6c8154-5513-4238-9f0a-499e8ba682c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8# ]Ɋ& !X# F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ue8**P# ]Ɋ& !X# F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==SP**P# ]Ɋ& !X# F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPP**H# ]Ɋ& !X# F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==FunH**H# ]Ɋ& !X# F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProvH**H# ]Ɋ& !X# F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eSH**# ]Ɋ& !# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37f0c842-c9de-4abb-a77b-f8a7b4259407 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**# ]Ɋ& !# F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37f0c842-c9de-4abb-a77b-f8a7b4259407 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**X& ]Ɋ& !X& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pX**p& ]Ɋ& !X& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**h& ]Ɋ& !X& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 h EngineVersi ]Ɋ&  X& F&CommandPath= CommandLine= @riptName=  ]Ɋ& X'p F&XuJ F&]Ɋ& meX F&e=ElfChnkXVSX>`Mu=VysMc&&**h& ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!X& F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sioh**`& ]Ɋ& !X& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cu`**`& ]Ɋ& !X& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@`**& ]Ɋ& !& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03e3caab-8c37-4ab6-9ed0-0bb351b62f87 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **& ]Ɋ& !& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03e3caab-8c37-4ab6-9ed0-0bb351b62f87 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**(& ]Ɋ& !X& F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@& ]Ɋ& !X& F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m@**@& ]Ɋ& !X& F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C@**8& ]Ɋ& !X& F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8& ]Ɋ& !X& F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8& ]Ɋ& !X& F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE8**& ]Ɋ& !& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5dba2fcc-28fc-4320-a0fa-5de467c9df63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**S ]Ɋ& !S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5dba2fcc-28fc-4320-a0fa-5de467c9df63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**X4 ]Ɋ& !X4 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p4 ]Ɋ& !X4 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**p4 ]Ɋ& !X4 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h4 ]Ɋ& !X4 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sth**h4 ]Ɋ& !X4 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Seqh**h4 ]Ɋ& !X4 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=21h**4 ]Ɋ&  !4 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0dadecd-d3e4-44d2-b3e2-83603abf8232 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **{ ]Ɋ& !{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0dadecd-d3e4-44d2-b3e2-83603abf8232 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=base**a ]Ɋ& '!Xa F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**a ]Ɋ& ?!Xa F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B**a ]Ɋ& ;!Xa F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eVe**a ]Ɋ& 3!Xa F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=F**a ]Ɋ& 3!Xa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ers**a ]Ɋ& 5!Xa F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**0a ]Ɋ& !a F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ebcb4ec8-fd67-4e9e-9b26-812373728599 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=490**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ebcb4ec8-fd67-4e9e-9b26-812373728599 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed @**Ct ]Ɋ& )!XCt F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Ct ]Ɋ& A!XCt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Ct ]Ɋ& =!XCt F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Ct ]Ɋ& 5!XCt F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**Ct ]Ɋ& 5!XCt F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**Ct ]Ɋ& 7!XCt F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**0Ct ]Ɋ& !Ct F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8eabc712-ea77-4bc0-9de2-ca89535886ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@t ]Ɋ& !t F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8eabc712-ea77-4bc0-9de2-ca89535886ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==95@**Xtu ]Ɋ& !Xtu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConX**ptu ]Ɋ& !Xtu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVp**htu ]Ɋ& !Xtu F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Hh**`tu ]Ɋ& !Xtu F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**` tu ]Ɋ& !Xtu  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**h tu ]Ɋ& !Xtu  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8a95h** tu ]Ɋ&  !tu  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa27412a-4ed7-4c38-a73b-7aa92bfee29b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=us |** tu ]Ɋ& !tu  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa27412a-4ed7-4c38-a73b-7aa92bfee29b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sE**8 tu ]Ɋ& !Xtu  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**Ptu ]Ɋ& !Xtu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liP**Ptu ]Ɋ& !Xtu F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=36a9P**Htu ]Ɋ& !Xtu F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH]Ɋ& ]Ɋ& Xtu ElfChnkAAHӢ'r5Mu=VysMc&&**Htu ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!Xtu F&F%g>9{p(xlMD EventDatauoData !BinaryvRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mH**Htu ]Ɋ& !Xtu F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**tu ]Ɋ& !tu F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6bb7d284-76bd-4671-9240-8228f933c006 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**D v ]Ɋ& !D v F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6bb7d284-76bd-4671-9240-8228f933c006 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**XD v ]Ɋ& !XD v F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**pD v ]Ɋ& !XD v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**hD v ]Ɋ& !XD v F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`D v ]Ɋ& !XD v F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`D v ]Ɋ& !XD v F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`D v ]Ɋ& !XD v F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**D v ]Ɋ& !D v F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ad25ad6e-df03-4fc9-893b-e893dadf4698 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**D v ]Ɋ& !D v F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ad25ad6e-df03-4fc9-893b-e893dadf4698 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(D v ]Ɋ& !XD v F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f(**@D v ]Ɋ& !XD v F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@D v ]Ɋ& !XD v F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8 D v ]Ɋ& !XD v  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8!D v ]Ɋ& !XD v! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8"D v ]Ɋ& !XD v" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**#D v ]Ɋ& !D v# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=190561bd-dca9-4140-b9ba-3f8244774f79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **$q>w ]Ɋ& !q>w$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=190561bd-dca9-4140-b9ba-3f8244774f79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**X%w ]Ɋ& !Xw% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p&w ]Ɋ& !Xw& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p'w ]Ɋ& !Xw' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**h(w ]Ɋ& !Xw( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**h)w ]Ɋ& !Xw) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**h*w ]Ɋ& !Xw* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**+w ]Ɋ&  !w+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb9851df-1214-4a0b-a086-22516ffb2f79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,5y ]Ɋ& !5y, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb9851df-1214-4a0b-a086-22516ffb2f79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**-5y ]Ɋ& '!X5y- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **.5y ]Ɋ& ?!X5y. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**/5y ]Ɋ& ;!X5y/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**05y ]Ɋ& 3!X5y0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **15y ]Ɋ& 3!X5y1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**25y ]Ɋ& 5!X5y2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**035y ]Ɋ& !5y3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=59f3c3ef-c46e-47a0-b310-218290b33bc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@4ˠy ]Ɋ& !ˠy4 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=59f3c3ef-c46e-47a0-b310-218290b33bc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-ca8@**5I ]Ɋ& )!XI5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**6I ]Ɋ& A!XI6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**7I ]Ɋ& =!XI7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=da**8I ]Ɋ& 5!XI8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**9I ]Ɋ& 5!XI9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**:I ]Ɋ& 7!XI: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0;I ]Ɋ& !I; F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4a4db62f-c2f6-42cc-9743-8b588b084b6c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@<v1 ]Ɋ& !v1< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4a4db62f-c2f6-42cc-9743-8b588b084b6c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**X=v1 ]Ɋ& !Xv1= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**p>v1 ]Ɋ& !Xv1> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h?v1 ]Ɋ& !Xv1? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`@v1 ]Ɋ& !Xv1@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`Av1 ]Ɋ& !Xv1A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==` FH] ]Ɋ& Xv1B F& ElfChnkBrBr)[9Mu=VysMc&&**hBv1 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! I!Xv1B F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**Cv1 ]Ɋ&  !v1C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=11eb5e04-d5b3-427f-90dc-28d8f9bf81f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**D  ]Ɋ& ! D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=11eb5e04-d5b3-427f-90dc-28d8f9bf81f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8E  ]Ɋ& !X E F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PF  ]Ɋ& !X F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PG  ]Ɋ& !X G F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&P**HH  ]Ɋ& !X H F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**HI  ]Ɋ& !X I F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLinH**HJ  ]Ɋ& !X J F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= H**K  ]Ɋ& ! K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8b4be6dc-a9fa-43b0-a10a-ba7dd13c966e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**L  ]Ɋ& ! L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8b4be6dc-a9fa-43b0-a10a-ba7dd13c966e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XM  ]Ɋ& !X M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TypeX**pN  ]Ɋ& !X N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| sep**hO  ]Ɋ& !X O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`P  ]Ɋ& !X P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l `**`Q  ]Ɋ& !X Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na`**`R  ]Ɋ& !X R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**S  ]Ɋ& ! S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9748c259-489b-4b29-a788-8d402dcace79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Tb ]Ɋ& !bT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9748c259-489b-4b29-a788-8d402dcace79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptN**(Ub ]Ɋ& !XbU F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p(**@Vb ]Ɋ& !XbV F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**@Wb ]Ɋ& !XbW F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e($@**8Xb ]Ɋ& !XbX F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8Yb ]Ɋ& !XbY F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stI8**8Zb ]Ɋ& !XbZ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**[b ]Ɋ& !b[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ebc98f99-b7b0-4bcd-a377-f3d3e2618cd4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=an**\: ]Ɋ& !:\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ebc98f99-b7b0-4bcd-a377-f3d3e2618cd4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**X]g, ]Ɋ& !Xg,] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**p^g, ]Ɋ& !Xg,^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p_g, ]Ɋ& !Xg,_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nfop**h`g, ]Ɋ& !Xg,` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insh**hag, ]Ɋ& !Xg,a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIdh**hbg, ]Ɋ& !Xg,b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omh**cg, ]Ɋ&  !g,c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70502d55-5636-4b18-a9b6-629fde6c1e67 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**d ]Ɋ& !d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70502d55-5636-4b18-a9b6-629fde6c1e67 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oleH**e ]Ɋ& '!Xe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**f ]Ɋ& ?!Xf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**g ]Ɋ& ;!Xg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**h ]Ɋ& 3!Xh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **i ]Ɋ& 3!Xi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame**j ]Ɋ& 5!Xj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rs**0k ]Ɋ& !k F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4fa8168d-6674-48dd-b8b0-639d252f933a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er0**@l* ]Ɋ& !*l F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4fa8168d-6674-48dd-b8b0-639d252f933a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=84b6@**m.VW ]Ɋ& )!X.VWm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=prod**n.VW ]Ɋ& A!X.VWn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se**o.VW ]Ɋ& =!X.VWo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de**p.VW ]Ɋ& 5!X.VWp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**q.VW ]Ɋ& 5!X.VWq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**r.VW ]Ɋ& 7!X.VWr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkssAºrMu=VysMc&&**8sW ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Ws F&F%g>9{p(xlMD EventDatauoData !BinarydAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=63a7b921-8e69-4e8e-85b7-4ddf233dc6b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP8**@t[W ]Ɋ& ![Wt F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=63a7b921-8e69-4e8e-85b7-4ddf233dc6b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI@**Xu[W ]Ɋ& !X[Wu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspX**pv[W ]Ɋ& !X[Wv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**hw[W ]Ɋ& !X[Ww F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ih**`x[W ]Ɋ& !X[Wx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l`**`y[W ]Ɋ& !X[Wy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**hz[W ]Ɋ& !X[Wz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Commh**{[W ]Ɋ&  ![W{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5f17f238-d78e-45b6-a0e8-9d91b27f7de2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**|W ]Ɋ& !W| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5f17f238-d78e-45b6-a0e8-9d91b27f7de2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8}W ]Ɋ& !XW} F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me8**P~W ]Ɋ& !XW~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amP**PW ]Ɋ& !XW F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=andTP**HW ]Ɋ& !XW F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaH**HW ]Ɋ& !XW F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=elinH**HW ]Ɋ& !XW F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIH**W ]Ɋ& !W F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f24271db-de07-4fff-a5d1-51e11d7bcf20 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndN**W ]Ɋ& !W F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f24271db-de07-4fff-a5d1-51e11d7bcf20 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XW ]Ɋ& !XW F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==974X**pW ]Ɋ& !XW F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**hW ]Ɋ& !XW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=seh**`W ]Ɋ& !XW F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0`**`W ]Ɋ& !XW F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov`**`W ]Ɋ& !XW F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**W ]Ɋ& !W F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be5a9760-5309-4ce9-ae0c-308b3a5b1d00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**W ]Ɋ& !W F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be5a9760-5309-4ce9-ae0c-308b3a5b1d00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ine**(W ]Ɋ& !XW F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@W ]Ɋ& !XW F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o@**@W ]Ɋ& !XW F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=spl@**8W ]Ɋ& !XW F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tur8**8W ]Ɋ& !XW F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta8**8W ]Ɋ& !XW F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**W ]Ɋ& !W F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cc20cf5d-58da-407e-9dce-f3a32c90f469 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru**QX ]Ɋ& !QX F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cc20cf5d-58da-407e-9dce-f3a32c90f469 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion.**XX ]Ɋ& !XX F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aX**pX ]Ɋ& !XX F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=zp**pX ]Ɋ& !XX F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tiep**hX ]Ɋ& !XX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInh**hX ]Ɋ& !XX F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sorh**hX ]Ɋ& !XX F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**X ]Ɋ&  !X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e4ed675d-8735-4d91-bb56-495874832ddf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**yX ]Ɋ& !yX F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e4ed675d-8735-4d91-bb56-495874832ddf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Var**yX ]Ɋ& '!XyX F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**yX ]Ɋ& ?!XyX F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**yX ]Ɋ& ;!XyX F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**yX ]Ɋ& 3!XyX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wer**yX ]Ɋ& 3!XyX F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**yX ]Ɋ& 5!XyX F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-tFirewallPro ]Ɋ& 35yX F&d= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**r.VW ]Ɋ& 7!X.VWr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkH2СHMu=VysMc&&**8 yX ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !yX F&F%g>9{p(xlMD EventDatauoData !BinarybAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=cd89cad9-31de-4e4b-a018-d6e1b813cc91 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7-a8 **@X ]Ɋ& !X F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=cd89cad9-31de-4e4b-a018-d6e1b813cc91 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Scri@**, ]Ɋ& )!X, F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**, ]Ɋ& A!X, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uct **, ]Ɋ& =!X, F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **, ]Ɋ& 5!X, F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fb**, ]Ɋ& 5!X, F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**, ]Ɋ& 7!X, F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0, ]Ɋ& !, F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a577c1c0-e846-4484-a6eb-5687cfb5fcf0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@&^ ]Ɋ& !&^ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a577c1c0-e846-4484-a6eb-5687cfb5fcf0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Lin@**X&^ ]Ɋ& !X&^ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=~X**p&^ ]Ɋ& !X&^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h&^ ]Ɋ& !X&^ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`&^ ]Ɋ& !X&^ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`&^ ]Ɋ& !X&^ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h&^ ]Ɋ& !X&^ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wh**&^ ]Ɋ&  !&^ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=46cb79aa-e288-4f62-8787-df4c2b61afba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=46cb79aa-e288-4f62-8787-df4c2b61afba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ar**8 ]Ɋ& !X F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P ]Ɋ& !X F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!P**H ]Ɋ& !X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H ]Ɋ& !X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H ]Ɋ& !X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0a3db7a4-0f7e-4d96-a173-8eb033f12ba7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0a3db7a4-0f7e-4d96-a173-8eb033f12ba7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureIp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a3`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr`**` ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=adfd5897-edd9-4ca7-8707-d5d97561ee31 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**S ]Ɋ& !S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=adfd5897-edd9-4ca7-8707-d5d97561ee31 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= R**(S ]Ɋ& !XS F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l(**@S ]Ɋ& !XS F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p@**@S ]Ɋ& !XS F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=KLM@**8S ]Ɋ& !XS F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc8**8S ]Ɋ& !XS F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8S ]Ɋ& !XS F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=558**S ]Ɋ& !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=dad9e88f-ebc0-4375-984b-df275e52371b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']**' ]Ɋ& !' F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=dad9e88f-ebc0-4375-984b-df275e52371b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNam**XY ]Ɋ& !XY F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=DX**pY ]Ɋ& !XY F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pY ]Ɋ& !XY F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n,Hp**hY ]Ɋ& !XY F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_.ph**hY ]Ɋ& !XY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culh**hY ]Ɋ& !XY F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sh**Y ]Ɋ&  !Y F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2f7d7949-9a0c-4e71-b39b-cf2ea3813f25 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2f7d7949-9a0c-4e71-b39b-cf2ea3813f25 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=35yX ]Ɋ&  CX F&ommandPath= CommandLine=wP**r.VW ]Ɋ& 7!X.VWr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk(\bDzMu=VysMc&&**  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** ]Ɋ& ?!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P** ]Ɋ& ;!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d ** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b82aee44-0a45-48ef-a475-f99ed658cb50 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==10**@" ]Ɋ& !" F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b82aee44-0a45-48ef-a475-f99ed658cb50 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= @**P ]Ɋ& )!XP F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**P ]Ɋ& A!XP F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsta**P ]Ɋ& =!XP F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c7**P ]Ɋ& 5!XP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**P ]Ɋ& 5!XP F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**P ]Ɋ& 7!XP F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0P ]Ɋ& !P F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e0263b8a-fd0e-4d8c-8347-3150d336e8af PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0**@"Q ]Ɋ& !"Q F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e0263b8a-fd0e-4d8c-8347-3150d336e8af PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**X"Q ]Ɋ& !X"Q F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p"Q ]Ɋ& !X"Q F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h"Q ]Ɋ& !X"Q F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`"Q ]Ɋ& !X"Q F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**`"Q ]Ɋ& !X"Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h"Q ]Ɋ& !X"Q F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**"Q ]Ɋ&  !"Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=283740ac-d4f6-4008-a40f-ed34db93c191 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**"Q ]Ɋ& !"Q F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=283740ac-d4f6-4008-a40f-ed34db93c191 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8R ]Ɋ& !XR F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PR ]Ɋ& !XR F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PR ]Ɋ& !XR F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stP**HR ]Ɋ& !XR F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**HR ]Ɋ& !XR F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**HR ]Ɋ& !XR F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ameH**R ]Ɋ& !R F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03748201-34e8-40a6-a96a-fb18d5f0012e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **R ]Ɋ& !R F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03748201-34e8-40a6-a96a-fb18d5f0012e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XR ]Ɋ& !XR F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortX**pR ]Ɋ& !XR F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=se.pp**hR ]Ɋ& !XR F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cah**`R ]Ɋ& !XR F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`R ]Ɋ& !XR F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**`R ]Ɋ& !XR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**R ]Ɋ& !R F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f795954d-3847-472b-a582-e21b464e9839 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R**R ]Ɋ& !R F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f795954d-3847-472b-a582-e21b464e9839 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obj**(O"S ]Ɋ& !XO"S F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@O"S ]Ɋ& !XO"S F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@O"S ]Ɋ& !XO"S F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=195@**8O"S ]Ɋ& !XO"S F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8O"S ]Ɋ& !XO"S F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tNa8**8O"S ]Ɋ& !XO"S F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge8**O"S ]Ɋ& !O"S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=40c060b8-b541-46dc-bbf5-a097791c1360 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=al**S ]Ɋ& !S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=40c060b8-b541-46dc-bbf5-a097791c1360 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=432N**XT ]Ɋ& !XT F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EX**pT ]Ɋ& !XT F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pT ]Ɋ& !XT F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=pnsoleHost  ]Ɋ& 5-XT F&n=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk::'KeMu=VysMc&&**h T ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!XT F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **h T ]Ɋ& !XT  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**h T ]Ɋ& !XT  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Ch** T ]Ɋ&  !T  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a58ccee-60db-4222-a877-f552c7f3e0a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-** U ]Ɋ& !U  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a58ccee-60db-4222-a877-f552c7f3e0a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Inst** U ]Ɋ& '!XU  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=,**U ]Ɋ& ?!XU F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**U ]Ɋ& ;!XU F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nab**U ]Ɋ& 3!XU F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**U ]Ɋ& 3!XU F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ble**U ]Ɋ& 5!XU F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ab**0U ]Ɋ& !U F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4ffa3281-9376-4856-8bce-38513b4debf5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns0**@ֵV ]Ɋ& !ֵV F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4ffa3281-9376-4856-8bce-38513b4debf5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vide@**;j ]Ɋ& )!X;j F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**;j ]Ɋ& A!X;j F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**;j ]Ɋ& =!X;j F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**;j ]Ɋ& 5!X;j F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g **;j ]Ɋ& 5!X;j F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na**;j ]Ɋ& 7!X;j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0;j ]Ɋ& !;j F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2495fbe2-865d-4b35-9dbf-73f3fd7f1314 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f0**@=j ]Ɋ& !=j F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2495fbe2-865d-4b35-9dbf-73f3fd7f1314 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C@**XA>j ]Ɋ& !XA>j F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artX**pA>j ]Ɋ& !XA>j F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceNp**hA>j ]Ɋ& !XA>j F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**` A>j ]Ɋ& !XA>j  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**`!A>j ]Ɋ& !XA>j! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s`**h"A>j ]Ɋ& !XA>j" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 h**#A>j ]Ɋ&  !A>j# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=432f47b9-89d0-4046-a992-0d5460821e2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ppli**$A>j ]Ɋ& !A>j$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=432f47b9-89d0-4046-a992-0d5460821e2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**8%A>j ]Ɋ& !XA>j% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b-8**P&A>j ]Ɋ& !XA>j& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e3P**P'A>j ]Ɋ& !XA>j' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HP**H(A>j ]Ɋ& !XA>j( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tVerH**H)A>j ]Ɋ& !XA>j) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leHoH**H*A>j ]Ɋ& !XA>j* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stNH**+A>j ]Ɋ& !A>j+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2c706afc-9f47-4767-a416-03cc2006b13f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsi**,>j ]Ɋ& !>j, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2c706afc-9f47-4767-a416-03cc2006b13f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**X->j ]Ɋ& !X>j- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SX**p.>j ]Ɋ& !X>j. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Op**h/>j ]Ɋ& !X>j/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**`0>j ]Ɋ& !X>j0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`1>j ]Ɋ& !X>j1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll`**`2>j ]Ɋ& !X>j2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**3>j ]Ɋ& !>j3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=da81694a-1d57-43c3-adfb-eca54e1b292f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**4>j ]Ɋ& !>j4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=da81694a-1d57-43c3-adfb-eca54e1b292f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uen**(5>j ]Ɋ& !X>j5 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t(**@6>j ]Ɋ& !X>j6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@7>j ]Ɋ& !X>j7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**88>j ]Ɋ& !X>j8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liz8**89>j ]Ɋ& !X>j9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin8**8:>j ]Ɋ& !X>j: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8F& ElfChnk;l;l@bvMu=VysMc&&** ;>j ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! m!>j; F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=13ce94aa-3613-417e-bbfd-1d43e548d81d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sio **< @j ]Ɋ& ! @j< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=13ce94aa-3613-417e-bbfd-1d43e548d81d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izat**X=Q@j ]Ɋ& !XQ@j= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3cd687a7-de64-4ce8-9015-c7e6fab76f20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**p>Q@j ]Ɋ& !XQ@j> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3cd687a7-de64-4ce8-9015-c7e6fab76f20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bp**p?Q@j ]Ɋ& !XQ@j? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3cd687a7-de64-4ce8-9015-c7e6fab76f20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=opep**h@Q@j ]Ɋ& !XQ@j@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3cd687a7-de64-4ce8-9015-c7e6fab76f20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ltuh**hAQ@j ]Ɋ& !XQ@jA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3cd687a7-de64-4ce8-9015-c7e6fab76f20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**hBQ@j ]Ɋ& !XQ@jB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3cd687a7-de64-4ce8-9015-c7e6fab76f20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Idh**C**8]5 ]Ɋ& !X5] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt8**P^5 ]Ɋ& !X5^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipP**P_5 ]Ɋ& !X5_ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CommP**H`5 ]Ɋ& !X5` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**Ha5 ]Ɋ& !X5a F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PipH**Hb5 ]Ɋ& !X5b F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspH**c5 ]Ɋ& !5c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b4afa9f9-d152-4dae-9da5-903bad21a51b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**d5 ]Ɋ& !5d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b4afa9f9-d152-4dae-9da5-903bad21a51b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**Xeb6 ]Ɋ& !Xb6e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIdX**pfb6 ]Ɋ& !Xb6f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obalp**hgb6 ]Ɋ& !Xb6g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=x h**`hb6 ]Ɋ& !Xb6h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`ib6 ]Ɋ& !Xb6i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`jb6 ]Ɋ& !Xb6j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**kb6 ]Ɋ& !b6k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=385b1f8a-e8b3-48eb-b5b5-52038a0b008d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**lb6 ]Ɋ& !b6l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=385b1f8a-e8b3-48eb-b5b5-52038a0b008d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= EnneVersion=  ]Ɋ& maXb6m F&ndPath= CommandLine=8F& ElfChnkmmdRYMu=VysMc&&**0 mb6 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xb6m F&F%g>9{p(xlMD EventDatauoData !Binary\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0 **@nb6 ]Ɋ& !Xb6n F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P@**@ob6 ]Ɋ& !Xb6o F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lue@**8pb6 ]Ɋ& !Xb6p F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndo8**8qb6 ]Ɋ& !Xb6q F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 8**8rb6 ]Ɋ& !Xb6r F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er8**sb6 ]Ɋ& !b6s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9e63a37d-4f2f-43ab-9c59-0dca1e3a1732 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Q@**t7 ]Ɋ& !7t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9e63a37d-4f2f-43ab-9c59-0dca1e3a1732 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **Xu8 ]Ɋ& !X8u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pX**pv8 ]Ɋ& !X8v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**pw8 ]Ɋ& !X8w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rinp**hx8 ]Ɋ& !X8x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hy8 ]Ɋ& !X8y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipth**hz8 ]Ɋ& !X8z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**{8 ]Ɋ&  !8{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae8c5cf0-56e0-49a5-a0b6-e61b164e13b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eg**|9 ]Ɋ& !9| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae8c5cf0-56e0-49a5-a0b6-e61b164e13b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=325-**}9 ]Ɋ& '!X9} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**~9 ]Ɋ& ?!X9~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**9 ]Ɋ& ;!X9 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **9 ]Ɋ& 3!X9 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**9 ]Ɋ& 3!X9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **9 ]Ɋ& 5!X9 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**09 ]Ɋ& !9 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9f0eb862-c379-4cf3-a542-a05e515863d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si0**@: ]Ɋ& !: F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9f0eb862-c379-4cf3-a542-a05e515863d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**W  ]Ɋ& )!XW  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**W  ]Ɋ& A!XW  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**W  ]Ɋ& =!XW  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mI**W  ]Ɋ& 5!XW  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-3**W  ]Ɋ& 5!XW  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**W  ]Ɋ& 7!XW  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**0W  ]Ɋ& !W  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c2bd7170-64d6-4b38-ace7-433bb0a00188 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@W  ]Ɋ& !W  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c2bd7170-64d6-4b38-ace7-433bb0a00188 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XW  ]Ɋ& !XW  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= X**pW  ]Ɋ& !XW  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=^p**hW  ]Ɋ& !XW  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`W  ]Ɋ& !XW  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`W  ]Ɋ& !XW  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hW  ]Ɋ& !XW  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**W  ]Ɋ&  !W  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b15d405d-069e-4671-ad6e-7c60c51b1671 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=None**W  ]Ɋ& !W  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b15d405d-069e-4671-ad6e-7c60c51b1671 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**8GW  ]Ɋ& !XGW  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e8**PGW  ]Ɋ& !XGW  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PGW  ]Ɋ& !XGW  F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HGW  ]Ɋ& !XGW  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HGW  ]Ɋ& !XGW  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HGW  ]Ɋ& !XGW  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**GW  ]Ɋ& !GW  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cf8bfe19-609d-43af-b0cd-a20f91f584c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**GW  ]Ɋ& !GW  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cf8bfe19-609d-43af-b0cd-a20f91f584c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X޲W  ]Ɋ& !X޲W  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mandXne= En ]Ɋ& X޲W  F& F&ndPath= CommandLine=8F& ElfChnk@M#Z媙Mu=VysMc&&**p޲W  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! Q!X޲W  F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ip**h޲W  ]Ɋ& !X޲W  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o]h**`޲W  ]Ɋ& !X޲W  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st`**`޲W  ]Ɋ& !X޲W  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0f`**`޲W  ]Ɋ& !X޲W  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**޲W  ]Ɋ& !޲W  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a26e7b11-9d55-4a54-9d48-47dc721277b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**޲W  ]Ɋ& !޲W  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a26e7b11-9d55-4a54-9d48-47dc721277b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**(tKW  ]Ɋ& !XtKW  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N(**@tKW  ]Ɋ& !XtKW  F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I@**@tKW  ]Ɋ& !XtKW  F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sys@**8tKW  ]Ɋ& !XtKW  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8tKW  ]Ɋ& !XtKW  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=App8**8tKW  ]Ɋ& !XtKW  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=un8**tKW  ]Ɋ& !tKW  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8a9f1873-57c9-48f1-a090-2157c18f0c62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**|W  ]Ɋ& !|W  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8a9f1873-57c9-48f1-a090-2157c18f0c62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**XW  ]Ɋ& !XW  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pW  ]Ɋ& !XW  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ep**pW  ]Ɋ& !XW  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthp**hW  ]Ɋ& !XW  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**hW  ]Ɋ& !XW  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hW  ]Ɋ& !XW  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**UAW  ]Ɋ&  !UAW  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=864b6910-00fa-4554-bf44-a78dff41c46f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **W  ]Ɋ& !W  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=864b6910-00fa-4554-bf44-a78dff41c46f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4e3**rW  ]Ɋ& '!XrW  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**rW  ]Ɋ& ?!XrW  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**rW  ]Ɋ& ;!XrW  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=que**rW  ]Ɋ& 3!XrW  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**rW  ]Ɋ& 3!XrW  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**rW  ]Ɋ& 5!XrW  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0rW  ]Ɋ& !rW  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d55677b0-604f-4130-b613-8f804cd6e2d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@ W  ]Ɋ& ! W  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d55677b0-604f-4130-b613-8f804cd6e2d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== @**λ  ]Ɋ& )!Xλ  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersi**λ  ]Ɋ& A!Xλ  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**λ  ]Ɋ& =!Xλ  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **λ  ]Ɋ& 5!Xλ  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=07**λ  ]Ɋ& 5!Xλ  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**λ  ]Ɋ& 7!Xλ  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0ϻ  ]Ɋ& !ϻ  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d2d00bf7-2d40-416f-90f7-dea5b9567e78 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v0**@)л  ]Ɋ& !)л  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d2d00bf7-2d40-416f-90f7-dea5b9567e78 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XFл  ]Ɋ& !XFл  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**pFл  ]Ɋ& !XFл  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hFл  ]Ɋ& !XFл  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`Fл  ]Ɋ& !XFл  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`Fл  ]Ɋ& !XFл  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hFл  ]Ɋ& !XFл  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**Fл  ]Ɋ&  !Fл  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8dd22f9d-500a-4a54-adc3-ba073d1e1f4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wEng**Fл  ]Ɋ& !Fл  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8dd22f9d-500a-4a54-adc3-ba073d1e1f4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **8Fл  ]Ɋ& !XFл  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**PFл  ]Ɋ& !XFл  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PF& F&ndPath= CommandLine=8F& ElfChnk )0&FRMu=VysMc&&**PFл  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! 1!XFл  F&F%g>9{p(xlMD EventDatauoData !Binary~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CP**HFл  ]Ɋ& !XFл  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**HFл  ]Ɋ& !XFл  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ScrH**HFл  ]Ɋ& !XFл  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manH**Fл  ]Ɋ& !Fл  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8012e690-b4d7-44c7-97ff-7e51de28f889 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**Fл  ]Ɋ& !Fл  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8012e690-b4d7-44c7-97ff-7e51de28f889 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**XZѻ  ]Ɋ& !XZѻ  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PipeX**pZѻ  ]Ɋ& !XZѻ  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**hZѻ  ]Ɋ& !XZѻ  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:Ph**`Zѻ  ]Ɋ& !XZѻ  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=30`**`Zѻ  ]Ɋ& !XZѻ  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta`**`Zѻ  ]Ɋ& !XZѻ  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**Zѻ  ]Ɋ& !Zѻ  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0c9f347c-2f8c-4958-b078-8ab8131ece7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**Zѻ  ]Ɋ& !Zѻ  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0c9f347c-2f8c-4958-b078-8ab8131ece7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**(Zѻ  ]Ɋ& !XZѻ  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8(**@Zѻ  ]Ɋ& !XZѻ  F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@Zѻ  ]Ɋ& !XZѻ  F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l='@**8Zѻ  ]Ɋ& !XZѻ  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Win8**8Zѻ  ]Ɋ& !XZѻ  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C8**8Zѻ  ]Ɋ& !XZѻ  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Zѻ  ]Ɋ& !Zѻ  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7432d54a-a455-41d2-acf1-ded26609e98e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** һ  ]Ɋ& ! һ  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7432d54a-a455-41d2-acf1-ded26609e98e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=)))}**X$ӻ  ]Ɋ& !X$ӻ  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p$ӻ  ]Ɋ& !X$ӻ  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**p$ӻ  ]Ɋ& !X$ӻ  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=balp**h$ӻ  ]Ɋ& !X$ӻ  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-Sh**h$ӻ  ]Ɋ& !X$ӻ  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**h$ӻ  ]Ɋ& !X$ӻ  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**$ӻ  ]Ɋ&  !$ӻ  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7be0fbac-0358-40e9-ae0e-962d3fcef025 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**UԻ  ]Ɋ& !UԻ  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7be0fbac-0358-40e9-ae0e-962d3fcef025 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Seq**UԻ  ]Ɋ& '!XUԻ  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**UԻ  ]Ɋ& ?!XUԻ  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**UԻ  ]Ɋ& ;!XUԻ  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**UԻ  ]Ɋ& 3!XUԻ  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, **UԻ  ]Ɋ& 3!XUԻ  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**UԻ  ]Ɋ& 5!XUԻ  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| **0UԻ  ]Ɋ& !UԻ  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2b9277ed-ecc0-4d84-8cae-97c90aaced57 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ou0**@dԻ  ]Ɋ& !dԻ  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2b9277ed-ecc0-4d84-8cae-97c90aaced57 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId@**,x ]Ɋ& )!X,x F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**,x ]Ɋ& A!X,x F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=shel**,x ]Ɋ& =!X,x F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**,x ]Ɋ& 5!X,x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**,x ]Ɋ& 5!X,x F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**,x ]Ɋ& 7!X,x F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0,x ]Ɋ& !,x F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=90085dab-ef54-4db5-85f6-c3d2fbd86096 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@YIx ]Ɋ& !YIx F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=90085dab-ef54-4db5-85f6-c3d2fbd86096 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rip@**XYIx ]Ɋ& !XYIx F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e1fX**pYIx ]Ɋ& !XYIx F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNap**hYIx ]Ɋ& !XYIx F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XYIx F&dLine=8F& ElfChnk//(?>ldMu=VysMc&&**hYIx ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!XYIx F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fh**`YIx ]Ɋ& !XYIx F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hYIx ]Ɋ& !XYIx F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**YIx ]Ɋ&  !YIx F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae7acff0-e65f-408a-878b-77d2d4218bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**x ]Ɋ& !x F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae7acff0-e65f-408a-878b-77d2d4218bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**8x ]Ɋ& !Xx F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Px ]Ɋ& !Xx F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Px ]Ɋ& !Xx F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hx ]Ɋ& !Xx F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H x ]Ɋ& !Xx  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H x ]Ɋ& !Xx  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H** x ]Ɋ& !x  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cab634aa-57d5-49be-a59d-154ab391d214 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** zx ]Ɋ& !zx  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cab634aa-57d5-49be-a59d-154ab391d214 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X zx ]Ɋ& !Xzx  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanX**pzx ]Ɋ& !Xzx F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ep**hzx ]Ɋ& !Xzx F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Glh**`zx ]Ɋ& !Xzx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`zx ]Ɋ& !Xzx F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`zx ]Ɋ& !Xzx F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**zx ]Ɋ& !zx F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cc56d2d1-d256-4e70-9a90-a550571ae195 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**zx ]Ɋ& !zx F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cc56d2d1-d256-4e70-9a90-a550571ae195 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**(zx ]Ɋ& !Xzx F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@zx ]Ɋ& !Xzx F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@**@zx ]Ɋ& !Xzx F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ins@**8zx ]Ɋ& !Xzx F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ode8**8zx ]Ɋ& !Xzx F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8788**8zx ]Ɋ& !Xzx F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S8**zx ]Ɋ& !zx F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=53407b1b-ec67-47d6-a44b-592290d31649 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**x ]Ɋ& !x F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=53407b1b-ec67-47d6-a44b-592290d31649 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **Xx ]Ɋ& !Xx F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**px ]Ɋ& !Xx F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**px ]Ɋ& !Xx F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tedp**h x ]Ɋ& !Xx  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**h!x ]Ɋ& !Xx! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**h"x ]Ɋ& !Xx" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**#x ]Ɋ&  !x# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d882c6ec-c983-4a9d-9118-87fbb8acc3e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **$vux ]Ɋ& !vux$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d882c6ec-c983-4a9d-9118-87fbb8acc3e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 **%x ]Ɋ& '!Xx% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**&x ]Ɋ& ?!Xx& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**'x ]Ɋ& ;!Xx' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**(x ]Ɋ& 3!Xx( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pac**)x ]Ɋ& 3!Xx) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS***x ]Ɋ& 5!Xx* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**0+x ]Ɋ& !x+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3e3f402d-584d-4365-ad3f-840f9d21b9ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@,:?x ]Ɋ& !:?x, F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3e3f402d-584d-4365-ad3f-840f9d21b9ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman@**-{ ]Ɋ& )!X{- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w**.{ ]Ɋ& A!X{. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**/{ ]Ɋ& =!X{/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNX{0 F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XYIx F&dLine=8F& ElfChnk0`0`p!Mu=VysMc&&**0{ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X{0 F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **1{ ]Ɋ& 5!X{1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 6**2{ ]Ɋ& 7!X{2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**03{ ]Ɋ& !{3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4c59c7cc-a2d4-448f-8217-4bbbb1a3f1bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@4 ]Ɋ& !4 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4c59c7cc-a2d4-448f-8217-4bbbb1a3f1bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1d4@**X5> ]Ɋ& !X>5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=HosX**p6> ]Ɋ& !X>6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=72ep**h7> ]Ɋ& !X>7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eh**`8> ]Ɋ& !X>8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`9> ]Ɋ& !X>9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**h:> ]Ɋ& !X>: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hellh**;> ]Ɋ&  !>; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d30df1cb-5e99-4a83-b6b6-6fd16093b8df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rusS**<> ]Ɋ& !>< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d30df1cb-5e99-4a83-b6b6-6fd16093b8df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**8= ]Ɋ& !X= F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t\8**P> ]Ɋ& !X> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t P**P? ]Ɋ& !X? F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ell P**H@ ]Ɋ& !X@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tionH**HA ]Ɋ& !XA F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**HB ]Ɋ& !XB F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=15bH**C ]Ɋ& !C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd723b41-5ff0-4b66-b39f-048a72a90cb5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**D ]Ɋ& !D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd723b41-5ff0-4b66-b39f-048a72a90cb5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**XEk ]Ɋ& !XkE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e449X**pFk ]Ɋ& !XkF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent p**hGk ]Ɋ& !XkG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`Hk ]Ɋ& !XkH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co`**`Ik ]Ɋ& !XkI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`Jk ]Ɋ& !XkJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:`**Kk ]Ɋ& !kK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a7dac10b-cc09-49a2-9aef-ac186488218d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**Lk ]Ɋ& !kL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a7dac10b-cc09-49a2-9aef-ac186488218d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4bc**(MI ]Ɋ& !XIM F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@NI ]Ɋ& !XIN F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t@**@OI ]Ɋ& !XIO F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8PI ]Ɋ& !XIP F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Str8**8QI ]Ɋ& !XIQ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=';e8**8RI ]Ɋ& !XIR F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io8**SI ]Ɋ& !IS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=363af690-f70c-428c-9a86-03ec0b73ca8b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e2**T ]Ɋ& !T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=363af690-f70c-428c-9a86-03ec0b73ca8b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**XUC ]Ɋ& !XCU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uX**pVC ]Ɋ& !XCV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**pWC ]Ɋ& !XCW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hXC ]Ɋ& !XCX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt h**hYC ]Ɋ& !XCY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsoh**hZC ]Ɋ& !XCZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fah**[C ]Ɋ&  !C[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9ae6532b-6f21-42fb-bafc-4d1ed9ab5f89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**\ ]Ɋ& !\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9ae6532b-6f21-42fb-bafc-4d1ed9ab5f89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alue**] ]Ɋ& '!X] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**^ ]Ɋ& ?!X^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**_ ]Ɋ& ;!X_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**` ]Ɋ& 3!X` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Staed Seque ]Ɋ& ioXa F&44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNX{0 F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XYIx F&dLine=8F& ElfChnkaaHO·eMMu=VysMc&&** a ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xa F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **b ]Ɋ& 5!Xb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine={**0c ]Ɋ& !c F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f60c585e-9a80-49d7-a148-d7f25ae04bce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=930**@d  ]Ɋ& ! d F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f60c585e-9a80-49d7-a148-d7f25ae04bce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co@**e; ]Ɋ& )!X;e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **f; ]Ɋ& A!X;f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=play**g; ]Ɋ& =!X;g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= r**h; ]Ɋ& 5!X;h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4b**i; ]Ɋ& 5!X;i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns**j; ]Ɋ& 7!X;j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**0k; ]Ɋ& !;k F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=884d30cb-1685-44df-b9bd-dcceba6d17c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@lĺ; ]Ɋ& !ĺ;l F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=884d30cb-1685-44df-b9bd-dcceba6d17c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**Xmĺ; ]Ɋ& !Xĺ;m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&X**pnĺ; ]Ɋ& !Xĺ;n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hoĺ; ]Ɋ& !Xĺ;o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`pĺ; ]Ɋ& !Xĺ;p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`qĺ; ]Ɋ& !Xĺ;q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hrĺ; ]Ɋ& !Xĺ;r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Fh**s[S; ]Ɋ&  ![S;s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b62a5664-1e8b-434e-9ea9-306bfafdfc4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oppe**t[S; ]Ɋ& ![S;t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b62a5664-1e8b-434e-9ea9-306bfafdfc4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de**8u[S; ]Ɋ& !X[S;u F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro8**Pv[S; ]Ɋ& !X[S;v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FP**Pw[S; ]Ɋ& !X[S;w F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hx[S; ]Ɋ& !X[S;x F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**Hy[S; ]Ɋ& !X[S;y F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hz[S; ]Ɋ& !X[S;z F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**{[S; ]Ɋ& ![S;{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=971762cf-78dc-4ea4-bee5-9bfc729dd76f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|; ]Ɋ& !;| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=971762cf-78dc-4ea4-bee5-9bfc729dd76f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X}; ]Ɋ& !X;} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= X**p~; ]Ɋ& !X;~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**h; ]Ɋ& !X; F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={h**`; ]Ɋ& !X; F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fd`**`; ]Ɋ& !X; F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi`**`; ]Ɋ& !X; F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**; ]Ɋ& !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=69bef2d4-b8fc-4687-8e3b-993e010680c3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**; ]Ɋ& !; F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=69bef2d4-b8fc-4687-8e3b-993e010680c3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==36**(; ]Ɋ& !X; F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@; ]Ɋ& !X; F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@; ]Ɋ& !X; F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E\M@**8; ]Ɋ& !X; F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8; ]Ɋ& !X; F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8; ]Ɋ& !X; F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eV8**; ]Ɋ& !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=01c06351-b019-466d-bd1b-d47686018d9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[S**; ]Ɋ& !; F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=01c06351-b019-466d-bd1b-d47686018d9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayVe**X; ]Ɋ& !X; F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p; ]Ɋ& !X; F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p; ]Ɋ& !X; F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nstp**h; ]Ɋ& !X; F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=perh**h; ]Ɋ& !X; F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=::Gh**h; ]Ɋ& !X; F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= IhtalledOn -De ]Ɋ&  !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=349d7535-a486-44a5-b47b-a2fbb28b0799 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk8?`˸$Mu=VysMc&&** ; ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !; F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=349d7535-a486-44a5-b47b-a2fbb28b0799 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art **9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=037a7663-a40e-4385-bcb6-517c3df49ab2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== x **p? ]Ɋ& !X? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=037a7663-a40e-4385-bcb6-517c3df49ab2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== p**h? ]Ɋ& !X? F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=037a7663-a40e-4385-bcb6-517c3df49ab2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=h**h? ]Ɋ& !X? F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=037a7663-a40e-4385-bcb6-517c3df49ab2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h? ]Ɋ& !X? F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=037a7663-a40e-4385-bcb6-517c3df49ab2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**? ]Ɋ&  !? F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=037a7663-a40e-4385-bcb6-517c3df49ab2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c75cbdf-db36-4968-9053-e91820268058 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**l8 ]Ɋ& !l8 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=037a7663-a40e-4385-bcb6-517c3df49ab2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c75cbdf-db36-4968-9053-e91820268058 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name** ]Ɋ& '!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m** ]Ɋ& ?!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w** ]Ɋ& ;!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d75** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=539** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=04dce558-6506-42a0-8f11-29fe2cafe892 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@i ]Ɋ& !i F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=04dce558-6506-42a0-8f11-29fe2cafe892 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Ѐ ]Ɋ& )!XЀ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **Ѐ ]Ɋ& A!XЀ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**Ѐ ]Ɋ& =!XЀ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**Ѐ ]Ɋ& 5!XЀ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**Ѐ ]Ɋ& 5!XЀ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**Ѐ ]Ɋ& 7!XЀ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0Ѐ ]Ɋ& !Ѐ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5a5135fc-2c02-4e50-847b-44364612c2ba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@g ]Ɋ& !g F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5a5135fc-2c02-4e50-847b-44364612c2ba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=10cd5252-ed1a-4f08-a43e-7dfb0d2855fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=10cd5252-ed1a-4f08-a43e-7dfb0d2855fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8J ]Ɋ& !XJ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**PJ ]Ɋ& !XJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**PJ ]Ɋ& !XJ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**HJ ]Ɋ& !XJ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**HJ ]Ɋ& !XJ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**HJ ]Ɋ& !XJ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**J ]Ɋ& !J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=360910f9-8210-4b19-bba8-dc7a2e4cfc2e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**J ]Ɋ& !J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=360910f9-8210-4b19-bba8-dc7a2e4cfc2e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X* ]Ɋ& !X* F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**p* ]Ɋ& !X* F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**h* ]Ɋ& !X* F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`* ]Ɋ& !X* F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`* ]Ɋ& !X* F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`* ]Ɋ& !X* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`*** ]Ɋ& !* F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa541d28-d8a0-4b39-9b34-6896401bbee5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a*** ]Ɋ& !* F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa541d28-d8a0-4b39-9b34-6896401bbee5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**({ ]Ɋ& !X{ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@{ ]Ɋ& !X{ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@{ ]Ɋ& !X{ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@ 65535 Eng ]Ɋ& ndX{ F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X? F&aceId=349d7535-a486-44a5-b47b-a2fbb28b0799 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk((pMu=VysMc&&**8 { ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X{ F&F%g>9{p(xlMD EventDatauoData !BinaryhFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8{ ]Ɋ& !X{ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er,8**8{ ]Ɋ& !X{ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\W8**{ ]Ɋ& !{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=bf10f4c2-a179-4fa7-b88f-f158ab753044 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=03**W ]Ɋ& !W F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=bf10f4c2-a179-4fa7-b88f-f158ab753044 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iabl**XH ]Ɋ& !XH F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pH ]Ɋ& !XH F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**pH ]Ɋ& !XH F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hH ]Ɋ& !XH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovih**hH ]Ɋ& !XH F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=h**hH ]Ɋ& !XH F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8-h**H ]Ɋ&  !H F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=552e8b58-41df-4802-842c-096e71fcb058 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-O**ާ ]Ɋ& !ާ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=552e8b58-41df-4802-842c-096e71fcb058 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ies[**u@ ]Ɋ& '!Xu@ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**u@ ]Ɋ& ?!Xu@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**u@ ]Ɋ& ;!Xu@ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**u@ ]Ɋ& 3!Xu@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** u@ ]Ɋ& 3!Xu@  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsp** u@ ]Ɋ& 5!Xu@  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te**0 u@ ]Ɋ& !u@  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9a53fe87-f4f4-4673-88f4-1c8dc15d6709 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li0**@ q ]Ɋ& !q  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9a53fe87-f4f4-4673-88f4-1c8dc15d6709 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nceN@** BKN ]Ɋ& )!XBKN  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nmen**BKN ]Ɋ& A!XBKN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**BKN ]Ɋ& =!XBKN F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h=**BKN ]Ɋ& 5!XBKN F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**BKN ]Ɋ& 5!XBKN F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**BKN ]Ɋ& 7!XBKN F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**0\KN ]Ɋ& !\KN F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9297f52a-55e0-4d1b-b1fa-6bb274de87f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c0**@sLN ]Ɋ& !sLN F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9297f52a-55e0-4d1b-b1fa-6bb274de87f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6e-@**X MN ]Ɋ& !X MN F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HX**p MN ]Ɋ& !X MN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 p**h MN ]Ɋ& !X MN F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5h**` MN ]Ɋ& !X MN F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d`**` MN ]Ɋ& !X MN F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5`**h MN ]Ɋ& !X MN F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stAph** MN ]Ɋ&  ! MN F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=de55cc96-7e18-4303-853c-7cf5d2dd323d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=viru** MN ]Ɋ& ! MN F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=de55cc96-7e18-4303-853c-7cf5d2dd323d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ti**8MN ]Ɋ& !XMN F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bj8**PMN ]Ɋ& !XMN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erP**PMN ]Ɋ& !XMN F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tAppP**H MN ]Ɋ& !XMN  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bd16H**H!MN ]Ɋ& !XMN! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-bb6H**H"MN ]Ɋ& !XMN" F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce-H**#MN ]Ɋ& !MN# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b134f794-131c-484e-9b40-8fc7a9dd65d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6bf**$MN ]Ɋ& !MN$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b134f794-131c-484e-9b40-8fc7a9dd65d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**X%MN ]Ɋ& !XMN% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersiX**p&MN ]Ɋ& !XMN& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovip**h'MN ]Ɋ& !XMN' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`(MN ]Ɋ& !XMN( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id` PipelineId ]Ɋ&  CXMN) F&wid@ 65535 Eng ]Ɋ& ndX{ F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X? F&aceId=349d7535-a486-44a5-b47b-a2fbb28b0799 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk)Z)ZhL<97Mu=VysMc&&**h)MN ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!XMN) F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**`*MN ]Ɋ& !XMN* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**+MN ]Ɋ& !MN+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=00573e81-f5a0-4765-89c4-8a2cea8a3f44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**,MN ]Ɋ& !MN, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=00573e81-f5a0-4765-89c4-8a2cea8a3f44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(-=NN ]Ɋ& !X=NN- F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@.=NN ]Ɋ& !X=NN. F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0@**@/=NN ]Ɋ& !X=NN/ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**80=NN ]Ɋ& !X=NN0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**81=NN ]Ɋ& !X=NN1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**82=NN ]Ɋ& !X=NN2 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**3=NN ]Ɋ& !=NN3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c007f07d-461f-4adb-8127-49a943670f45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**4LNN ]Ɋ& !LNN4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c007f07d-461f-4adb-8127-49a943670f45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**X5PN ]Ɋ& !XPN5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**p6PN ]Ɋ& !XPN6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**p7PN ]Ɋ& !XPN7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**h8PN ]Ɋ& !XPN8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**h9PN ]Ɋ& !XPN9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**h:PN ]Ɋ& !XPN: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**;PN ]Ɋ&  !PN; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb02e2f2-9580-4de2-b066-5baecdcb6cee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sb**<8QN ]Ɋ& !8QN< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb02e2f2-9580-4de2-b066-5baecdcb6cee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ring**=8QN ]Ɋ& '!X8QN= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=O**>8QN ]Ɋ& ?!X8QN> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l**?8QN ]Ɋ& ;!X8QN? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@8QN ]Ɋ& 3!X8QN@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==27**A8QN ]Ɋ& 3!X8QNA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**B8QN ]Ɋ& 5!X8QNB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f4**0C8QN ]Ɋ& !8QNC F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d3e18ffe-7052-4348-a9b9-fc5faae201b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@DiRN ]Ɋ& !iRND F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d3e18ffe-7052-4348-a9b9-fc5faae201b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**E ]Ɋ& !XE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**F ]Ɋ& !XF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**G ]Ɋ& !XG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= M**H ]Ɋ&  !XH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**I ]Ɋ&  !XI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=duc**J ]Ɋ&  !XJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**K ]Ɋ& ]!K F&:AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=4.0 RunspaceId=ed27adc1-23b1-4edf-adfc-3bdf26f1ce02 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=60**L@ ]Ɋ& i!@L F&FStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=4.0 RunspaceId=ed27adc1-23b1-4edf-adfc-3bdf26f1ce02 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=1**Mw ]Ɋ& )!XwM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=MN**Nw ]Ɋ& A!XwN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Ow ]Ɋ& =!XwO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=an**Pw ]Ɋ& 5!XwP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**Qw ]Ɋ& 5!XwQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gi**Rw ]Ɋ& 7!XwR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0Sw ]Ɋ& !wS F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4171f354-10a7-407b-9275-a35a78ee2bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t0**@Tw ]Ɋ& !wT F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4171f354-10a7-407b-9275-a35a78ee2bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=usS@**XUw ]Ɋ& !XwU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rStX**pVw ]Ɋ& !XwV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Wmp**hWw ]Ɋ& !XwW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eh**`Xw ]Ɋ& !XwX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h`**`Yw ]Ɋ& !XwY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h`**hZw ]Ɋ& !XwZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h F& ]Ɋ& Piw[ F&mmandType= ScriptName= CommandPath= CommandLine=ElfChnk[[L Ptn(Mu=VysMc&&**[w ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !w[ F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4609a55c-796d-4bc6-a38c-52a8a9a5190f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**\w ]Ɋ& !w\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4609a55c-796d-4bc6-a38c-52a8a9a5190f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F**8]w ]Ɋ& !Xw] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P^w ]Ɋ& !Xw^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=anP**P_w ]Ɋ& !Xw_ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-objP**H`w ]Ɋ& !Xw` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s['iH**Haw ]Ɋ& !Xwa F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tAppH**Hbw ]Ɋ& !Xwb F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tedH**cw ]Ɋ& !wc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8c9e3bdc-1574-40d8-8712-685b848ef2c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**dw ]Ɋ& !wd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8c9e3bdc-1574-40d8-8712-685b848ef2c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xew ]Ɋ& !Xwe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RX**pfw ]Ɋ& !Xwf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nfo]p**hgw ]Ɋ& !Xwg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lth**`hw ]Ɋ& !Xwh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= S`**`iw ]Ɋ& !Xwi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pi`**`jw ]Ɋ& !Xwj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=D`**kw ]Ɋ& !wk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=52d8cf8c-17c2-4ff6-8a0e-551786b3789c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**l2Ow ]Ɋ& !2Owl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=52d8cf8c-17c2-4ff6-8a0e-551786b3789c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(m2Ow ]Ɋ& !X2Owm F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5(**@n2Ow ]Ɋ& !X2Own F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e@**@o2Ow ]Ɋ& !X2Owo F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:\S@**8p2Ow ]Ɋ& !X2Owp F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3998**8q2Ow ]Ɋ& !X2Owq F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8r2Ow ]Ɋ& !X2Owr F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==48**s2Ow ]Ɋ& !2Ows F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=04f31d02-d928-4a34-8aba-94dd1c4386a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= O**tw ]Ɋ& !wt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=04f31d02-d928-4a34-8aba-94dd1c4386a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ultu**Xuw ]Ɋ& !Xwu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6X**pvw ]Ɋ& !Xwv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**pww ]Ɋ& !Xww F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Patp**hxw ]Ɋ& !Xwx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hyw ]Ɋ& !Xwy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hzw ]Ɋ& !Xwz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**{w ]Ɋ&  !w{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03b861a9-0cd3-46de-9c19-dbdbdb99e349 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=***|w ]Ɋ& !w| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03b861a9-0cd3-46de-9c19-dbdbdb99e349 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**}w ]Ɋ& '!Xw} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**~w ]Ɋ& ?!Xw~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**w ]Ɋ& ;!Xw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==1 **w ]Ɋ& 3!Xw F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **w ]Ɋ& 3!Xw F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **w ]Ɋ& 5!Xw F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp**0w ]Ɋ& !w F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4fd62f76-df96-4a27-953e-be19a76d25b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e70**@w ]Ɋ& !w F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4fd62f76-df96-4a27-953e-be19a76d25b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= @**x ]Ɋ& )!Xx F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspa**x ]Ɋ& A!Xx F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me, **x ]Ɋ& =!Xx F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= r**x ]Ɋ& 5!Xx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1a**x ]Ɋ& 5!Xx F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=so**x ]Ɋ& 7!Xx F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0XWy ]Ɋ& !XWy F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8e728ea3-568f-49e2-9c10-c3710e187ce8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N0e= CommandPath= CommandLine=ElfChnkX1ѢuMu=VysMc&&**@y ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!y F&F%g>9{p(xlMD EventDatauoData !BinarypStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8e728ea3-568f-49e2-9c10-c3710e187ce8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xz ]Ɋ& !Xz F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bc6X**pz ]Ɋ& !Xz F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linp**hz ]Ɋ& !Xz F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`z ]Ɋ& !Xz F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`z ]Ɋ& !Xz F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**hz ]Ɋ& !Xz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**z ]Ɋ&  !z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dee7215c-bb51-4849-ab6c-c5a99a4bc03e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**z ]Ɋ& !z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dee7215c-bb51-4849-ab6c-c5a99a4bc03e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8z ]Ɋ& !Xz F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma8**Pz ]Ɋ& !Xz F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**Pz ]Ɋ& !Xz F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComP**Hz ]Ɋ& !Xz F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= H**Hz ]Ɋ& !Xz F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**Hz ]Ɋ& !Xz F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**z ]Ɋ& !z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=251520fc-3bca-4d58-8b09-cbe7f8e3c792 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sc**z ]Ɋ& !z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=251520fc-3bca-4d58-8b09-cbe7f8e3c792 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=y**X!{ ]Ɋ& !X!{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-551X**p!{ ]Ɋ& !X!{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**h!{ ]Ɋ& !X!{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;eh**`!{ ]Ɋ& !X!{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b-`**`!{ ]Ɋ& !X!{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP`**`!{ ]Ɋ& !X!{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**!{ ]Ɋ& !!{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=00594839-174a-4324-b1b1-4896c8dd288d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**!{ ]Ɋ& !!{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=00594839-174a-4324-b1b1-4896c8dd288d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(!{ ]Ɋ& !X!{ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R(**@!{ ]Ɋ& !X!{ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e@**@!{ ]Ɋ& !X!{ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8!{ ]Ɋ& !X!{ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TWA8**8!{ ]Ɋ& !X!{ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=8**8!{ ]Ɋ& !X!{ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**!{ ]Ɋ& !!{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e472164d-8974-4a73-8608-3fcf2091cbd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **HR| ]Ɋ& !HR| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e472164d-8974-4a73-8608-3fcf2091cbd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ture**Xu} ]Ɋ& !Xu} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**pu} ]Ɋ& !Xu} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pu} ]Ɋ& !Xu} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, p**hu} ]Ɋ& !Xu} F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en-h**hu} ]Ɋ& !Xu} F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Deh**hu} ]Ɋ& !Xu} F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amh**u} ]Ɋ&  !u} F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=032c19ef-872e-4153-98b6-c174fc070ce4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ~ ]Ɋ& ! ~ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=032c19ef-872e-4153-98b6-c174fc070ce4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**~ ]Ɋ& '!X~ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**~ ]Ɋ& ?!X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**~ ]Ɋ& ;!X~ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**~ ]Ɋ& 3!X~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pro**~ ]Ɋ& 3!X~ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**~ ]Ɋ& 5!X~ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0~ ]Ɋ& !~ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7e686d54-2ff6-4099-863d-79306b9e2a27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os9M F&on=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8e728ea3-568f-49e2-9c10-c3710e187ce8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N0e= CommandPath= CommandLine=ElfChnkp5GMu=VysMc&&**@ 9M ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !!9M F&F%g>9{p(xlMD EventDatauoData !BinarynStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7e686d54-2ff6-4099-863d-79306b9e2a27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@ **,V?! ]Ɋ& )!X,V?! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=3 **,V?! ]Ɋ& A!X,V?! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNa**,V?! ]Ɋ& =!X,V?! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,V?! ]Ɋ& 5!X,V?! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **,V?! ]Ɋ& 5!X,V?! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**,V?! ]Ɋ& 7!X,V?! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0,V?! ]Ɋ& !,V?! F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1e06b7b9-2447-4245-a016-5aafea978193 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@^W?! ]Ɋ& !^W?! F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1e06b7b9-2447-4245-a016-5aafea978193 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**X^W?! ]Ɋ& !X^W?! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**p^W?! ]Ɋ& !X^W?! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**h^W?! ]Ɋ& !X^W?! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`^W?! ]Ɋ& !X^W?! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`^W?! ]Ɋ& !X^W?! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h^W?! ]Ɋ& !X^W?! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**^W?! ]Ɋ&  !^W?! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2718ee48-d69a-47c0-841a-753a4b82476f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **^W?! ]Ɋ& !^W?! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2718ee48-d69a-47c0-841a-753a4b82476f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8iY?! ]Ɋ& !XiY?! F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**PiY?! ]Ɋ& !XiY?! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**PiY?! ]Ɋ& !XiY?! F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**HiY?! ]Ɋ& !XiY?! F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**HiY?! ]Ɋ& !XiY?! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**HiY?! ]Ɋ& !XiY?! F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**iY?! ]Ɋ& !iY?! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7ba30705-657e-4650-80a5-05ed8dfd586d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**iY?! ]Ɋ& !iY?! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7ba30705-657e-4650-80a5-05ed8dfd586d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**XiY?! ]Ɋ& !XiY?! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**piY?! ]Ɋ& !XiY?! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**hiY?! ]Ɋ& !XiY?! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`iY?! ]Ɋ& !XiY?! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`iY?! ]Ɋ& !XiY?! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`iY?! ]Ɋ& !XiY?! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**iY?! ]Ɋ& !iY?! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0af057d9-8741-417e-998f-7dcf2de269ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**YZ?! ]Ɋ& !YZ?! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0af057d9-8741-417e-998f-7dcf2de269ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(YZ?! ]Ɋ& !XYZ?! F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d(**@YZ?! ]Ɋ& !XYZ?! F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@YZ?! ]Ɋ& !XYZ?! F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8YZ?! ]Ɋ& !XYZ?! F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8YZ?! ]Ɋ& !XYZ?! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8YZ?! ]Ɋ& !XYZ?! F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**YZ?! ]Ɋ& !YZ?! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3f4c9986-7132-4d5d-8d6b-874505bcd773 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**Z?! ]Ɋ& !Z?! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3f4c9986-7132-4d5d-8d6b-874505bcd773 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**X_?! ]Ɋ& !X_?! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p_?! ]Ɋ& !X_?! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p_?! ]Ɋ& !X_?! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**h_?! ]Ɋ& !X_?! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**h_?! ]Ɋ& !X_?! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7ceh**h_?! ]Ɋ& !X_?! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**_?! ]Ɋ&  !_?! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d93439a8-70d9-49a4-9102-5370f0e7b57b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**J_?! ]Ɋ& !J_?! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d93439a8-70d9-49a4-9102-5370f0e7b57b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**J_?! ]Ɋ& '!XJ_?! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(n-US')))}} | ]Ɋ& dOXJ_?! F&=4.0 RunspaceId=7e686d54-2ff6-4099-863d-79306b9e2a27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os9M F&on=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8e728ea3-568f-49e2-9c10-c3710e187ce8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N0e= CommandPath= CommandLine=ElfChnk 0RTLCMu=VysMc&&** J_?! ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XJ_?! F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt **J_?! ]Ɋ& ;!XJ_?! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**J_?! ]Ɋ& 3!XJ_?! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma**J_?! ]Ɋ& 3!XJ_?! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0**J_?! ]Ɋ& 5!XJ_?! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0J_?! ]Ɋ& !J_?! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a13a792e-dbf9-45d4-8be9-d326d077b836 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI0**@w`?! ]Ɋ& !w`?! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a13a792e-dbf9-45d4-8be9-d326d077b836 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**" ]Ɋ& )!X" F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**" ]Ɋ& A!X" F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ntiv**" ]Ɋ& =!X" F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**" ]Ɋ& 5!X" F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=be**" ]Ɋ& 5!X" F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um**" ]Ɋ& 7!X" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0" ]Ɋ& !" F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae73fcf2-4fde-447b-bfee-dba63c449ed1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@2" ]Ɋ& !2" F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae73fcf2-4fde-447b-bfee-dba63c449ed1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= @**X" ]Ɋ& !X" F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==X**p" ]Ɋ& !X" F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iYp**h" ]Ɋ& !X" F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`" ]Ɋ& !X" F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`" ]Ɋ& !X" F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h" ]Ɋ& !X" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**" ]Ɋ&  !" F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0043f964-8de0-46f8-9b34-583f73dd3a00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ڸ**" ]Ɋ& !" F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0043f964-8de0-46f8-9b34-583f73dd3a00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8" ]Ɋ& !X" F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P" ]Ɋ& !X" F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P" ]Ɋ& !X" F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H" ]Ɋ& !X" F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H " ]Ɋ& !X"  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H " ]Ɋ& !X"  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H** " ]Ɋ& !"  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b6fc0b7b-9afe-4810-9795-e84cec9c3ff3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**** c" ]Ɋ& !c"  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b6fc0b7b-9afe-4810-9795-e84cec9c3ff3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**X c" ]Ɋ& !Xc"  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginX**pc" ]Ɋ& !Xc" F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**hc" ]Ɋ& !Xc" F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leh**`c" ]Ɋ& !Xc" F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H`**`c" ]Ɋ& !Xc" F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`c" ]Ɋ& !Xc" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**c" ]Ɋ& !c" F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=41ab4b99-ecb4-4357-8f6e-272311aa2020 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**c" ]Ɋ& !c" F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=41ab4b99-ecb4-4357-8f6e-272311aa2020 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**(F" ]Ɋ& !XF" F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@F" ]Ɋ& !XF" F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l@**@F" ]Ɋ& !XF" F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= en@**8F" ]Ɋ& !XF" F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8F" ]Ɋ& !XF" F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_8**8F" ]Ɋ& !XF" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**F" ]Ɋ& !F" F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=78d9ba32-c50b-4547-b0f2-b8c8cc00f183 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='i**ܔ" ]Ɋ& !ܔ" F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=78d9ba32-c50b-4547-b0f2-b8c8cc00f183 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | f**X " ]Ɋ& !X " F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p " ]Ɋ& !X " F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=op**p " ]Ɋ& !X " F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,Dp**h " ]Ɋ& !X "  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nabhd | Out-Stri ]Ɋ& d=X "! F&e187ce8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N0e= CommandPath= CommandLine=ElfChnk!S!Sd[bAMu=VysMc&&**h ! " ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!X "! F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **h" " ]Ɋ& !X "" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**# " ]Ɋ&  ! "# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6ed39405-58ec-4016-a89f-545421c11b9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**$^" ]Ɋ& !^"$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6ed39405-58ec-4016-a89f-545421c11b9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**%6" ]Ɋ& '!X6"% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**&6" ]Ɋ& ?!X6"& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**'6" ]Ɋ& ;!X6"' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b35**(6" ]Ɋ& 3!X6"( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**)6" ]Ɋ& 3!X6") F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5c9***6" ]Ɋ& 5!X6"* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0+6" ]Ɋ& !6"+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d05b8a77-4e12-4c82-bd55-cf8fa1be5a29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@,͏" ]Ɋ& !͏", F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d05b8a77-4e12-4c82-bd55-cf8fa1be5a29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**-gi$ ]Ɋ& )!Xgi$- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **.gi$ ]Ɋ& A!Xgi$. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**/gi$ ]Ɋ& =!Xgi$/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**0gi$ ]Ɋ& 5!Xgi$0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**1gi$ ]Ɋ& 5!Xgi$1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**2gi$ ]Ɋ& 7!Xgi$2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**03gi$ ]Ɋ& !gi$3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e1e798c4-d074-451e-b080-2cd36dcc29a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@4$ ii$ ]Ɋ& !$ ii$4 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e1e798c4-d074-451e-b080-2cd36dcc29a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**X5$ ii$ ]Ɋ& !X$ ii$5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p6$ ii$ ]Ɋ& !X$ ii$6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**h7$ ii$ ]Ɋ& !X$ ii$7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`8$ ii$ ]Ɋ& !X$ ii$8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`9$ ii$ ]Ɋ& !X$ ii$9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**h:$ ii$ ]Ɋ& !X$ ii$: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**;$ ii$ ]Ɋ&  !$ ii$; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7b479ae-b92c-4559-865c-17a230318f61 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**<ii$ ]Ɋ& !ii$< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7b479ae-b92c-4559-865c-17a230318f61 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8=ii$ ]Ɋ& !Xii$= F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**P>ii$ ]Ɋ& !Xii$> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P?ii$ ]Ɋ& !Xii$? F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**H@ii$ ]Ɋ& !Xii$@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**HAii$ ]Ɋ& !Xii$A F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**HBii$ ]Ɋ& !Xii$B F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**Cii$ ]Ɋ& !ii$C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=59dc80be-380d-48bf-a69c-e258a7681623 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**Dii$ ]Ɋ& !ii$D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=59dc80be-380d-48bf-a69c-e258a7681623 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XEii$ ]Ɋ& !Xii$E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**pFii$ ]Ɋ& !Xii$F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**hGii$ ]Ɋ& !Xii$G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`Hii$ ]Ɋ& !Xii$H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`Iii$ ]Ɋ& !Xii$I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`Jii$ ]Ɋ& !Xii$J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**Kii$ ]Ɋ& !ii$K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e312706d-de0f-4403-af70-51e8e10de698 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**LQ;ji$ ]Ɋ& !Q;ji$L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e312706d-de0f-4403-af70-51e8e10de698 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(MQ;ji$ ]Ɋ& !XQ;ji$M F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@NQ;ji$ ]Ɋ& !XQ;ji$N F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@OQ;ji$ ]Ɋ& !XQ;ji$O F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@**8PQ;ji$ ]Ɋ& !XQ;ji$P F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da8**8QQ;ji$ ]Ɋ& !XQ;ji$Q F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\Un8**8RQ;ji$ ]Ɋ& !XQ;ji$R F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on8**SQ;ji$ ]Ɋ& !Q;ji$S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ced85dbc-e602-4d76-ac3c-f0c399a26271 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id CommandNam ]Ɋ&  ji$T F&ndPath= CommandLine=ElfChnkTTp Mu=VysMc&&** Tji$ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! y!ji$T F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ced85dbc-e602-4d76-ac3c-f0c399a26271 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XUli$ ]Ɋ& !Xli$U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sX**pVli$ ]Ɋ& !Xli$V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**pWli$ ]Ɋ& !Xli$W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izep**hXli$ ]Ɋ& !Xli$X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**hYli$ ]Ɋ& !Xli$Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**hZli$ ]Ɋ& !Xli$Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6h**[li$ ]Ɋ&  !li$[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c7f331ec-176d-424a-b6f9-a5b44734ba9e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**\li$ ]Ɋ& !li$\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c7f331ec-176d-424a-b6f9-a5b44734ba9e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**]B6mi$ ]Ɋ& '!XB6mi$] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4**^B6mi$ ]Ɋ& ?!XB6mi$^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1**_B6mi$ ]Ɋ& ;!XB6mi$_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta**`B6mi$ ]Ɋ& 3!XB6mi$` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**aB6mi$ ]Ɋ& 3!XB6mi$a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ate**bB6mi$ ]Ɋ& 5!XB6mi$b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**0cB6mi$ ]Ɋ& !B6mi$c F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a5ce03f1-adc8-42ef-8e7c-2a537cbcdf89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st0**@dmi$ ]Ɋ& !mi$d F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a5ce03f1-adc8-42ef-8e7c-2a537cbcdf89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam@**e#9& ]Ɋ& )!X#9&e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**f#9& ]Ɋ& A!X#9&f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**g#9& ]Ɋ& =!X#9&g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**h#9& ]Ɋ& 5!X#9&h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**i#9& ]Ɋ& 5!X#9&i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**j#9& ]Ɋ& 7!X#9&j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0k#9& ]Ɋ& !#9&k F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=78c4208c-9251-493f-9fb2-56dc1313ade9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@lP:& ]Ɋ& !P:&l F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=78c4208c-9251-493f-9fb2-56dc1313ade9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**XmP:& ]Ɋ& !XP:&m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CX**pnP:& ]Ɋ& !XP:&n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**hoP:& ]Ɋ& !XP:&o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`pP:& ]Ɋ& !XP:&p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`qP:& ]Ɋ& !XP:&q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hrP:& ]Ɋ& !XP:&r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**sP:& ]Ɋ&  !P:&s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e262cc4e-6d51-4570-a829-211439df01bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**tn;& ]Ɋ& !n;&t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e262cc4e-6d51-4570-a829-211439df01bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ew**8un;& ]Ɋ& !Xn;&u F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pvn;& ]Ɋ& !Xn;&v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Pwn;& ]Ɋ& !Xn;&w F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hxn;& ]Ɋ& !Xn;&x F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hyn;& ]Ɋ& !Xn;&y F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**Hzn;& ]Ɋ& !Xn;&z F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=JH**{n;& ]Ɋ& !n;&{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=98764d34-a4f7-471f-ae35-def91f1dad35 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|}<& ]Ɋ& !}<&| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=98764d34-a4f7-471f-ae35-def91f1dad35 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X}}<& ]Ɋ& !X}<&} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPatX**p~}<& ]Ɋ& !X}<&~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginp**h}<& ]Ɋ& !X}<& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alh**`}<& ]Ɋ& !X}<& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fi`**`}<& ]Ɋ& !X}<& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`}<& ]Ɋ& !X}<& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**}<& ]Ɋ& !}<& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a14fc828-0149-4c32-b61a-604fda05293c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**}<& ]Ɋ& !}<& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a14fc828-0149-4c32-b61a-604fda05293c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(<& ]Ɋ& !X<& F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(andType= S ]Ɋ&  X<& F&  ji$T F&ndPath= CommandLine=ElfChnk0X&afMu=VysMc&&**H <& ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! '!X<& F&F%g>9{p(xlMD EventDatauoData !BinarytEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptH **@<& ]Ɋ& !X<& F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIn@**8<& ]Ɋ& !X<& F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=isp8**8<& ]Ɋ& !X<& F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8<& ]Ɋ& !X<& F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc8**<& ]Ɋ& !<& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=08c4f3e9-40c7-4cce-8114-fd2b209250c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8=& ]Ɋ& !8=& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=08c4f3e9-40c7-4cce-8114-fd2b209250c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNa**X?& ]Ɋ& !X?& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p?& ]Ɋ& !X?& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**p?& ]Ɋ& !X?& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7f3p**h?& ]Ɋ& !X?& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**h?& ]Ɋ& !X?& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B6mh**h?& ]Ɋ& !X?& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**?& ]Ɋ&  !?& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c85114d6-7d0d-4c31-9ba2-65b0e67c3d08 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**3@& ]Ɋ& !3@& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c85114d6-7d0d-4c31-9ba2-65b0e67c3d08 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wers**1@& ]Ɋ& '!X1@& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**1@& ]Ɋ& ?!X1@& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c**1@& ]Ɋ& ;!X1@& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**1@& ]Ɋ& 3!X1@& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**1@& ]Ɋ& 3!X1@& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**1@& ]Ɋ& 5!X1@& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **01@& ]Ɋ& !1@& F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7c24804e-c147-4dc9-b374-04b93e22b326 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2c0**@dA& ]Ɋ& !dA& F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7c24804e-c147-4dc9-b374-04b93e22b326 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**=,) ]Ɋ& )!X=,) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam**=,) ]Ɋ& A!X=,) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**=,) ]Ɋ& =!X=,) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= A**=,) ]Ɋ& 5!X=,) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**=,) ]Ɋ& 5!X=,) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**=,) ]Ɋ& 7!X=,) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q**0=,) ]Ɋ& !=,) F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e150e075-07f0-4e00-a463-866d9dc5b02f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@j-) ]Ɋ& !j-) F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e150e075-07f0-4e00-a463-866d9dc5b02f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xj-) ]Ɋ& !Xj-) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pj-) ]Ɋ& !Xj-) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hj-) ]Ɋ& !Xj-) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`j-) ]Ɋ& !Xj-) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`j-) ]Ɋ& !Xj-) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hj-) ]Ɋ& !Xj-) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**j-) ]Ɋ&  !j-) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=15122e06-444f-4397-a7db-7a0742c5f58a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Non**j-) ]Ɋ& !j-) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=15122e06-444f-4397-a7db-7a0742c5f58a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8.) ]Ɋ& !X.) F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s 8**P.) ]Ɋ& !X.) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNP**P.) ]Ɋ& !X.) F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StaP**H.) ]Ɋ& !X.) F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H.) ]Ɋ& !X.) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H.) ]Ɋ& !X.) F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=}H**.) ]Ɋ& !.) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2de78812-122b-4fe3-aa62-524600fb67f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**.) ]Ɋ& !.) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2de78812-122b-4fe3-aa62-524600fb67f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X.) ]Ɋ& !X.) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p.) ]Ɋ& !X.) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndTyp= ScriptNa ]Ɋ& = X.) F&  X<& F&  ji$T F&ndPath= CommandLine=ElfChnk(x@ReMu=VysMc&&**p.) ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!X.) F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**`.) ]Ɋ& !X.) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io`**`.) ]Ɋ& !X.) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le`**`.) ]Ɋ& !X.) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**.) ]Ɋ& !.) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=855a4043-2065-4b53-b2e2-871aad12950c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**.) ]Ɋ& !.) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=855a4043-2065-4b53-b2e2-871aad12950c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**(//) ]Ɋ& !X//) F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@//) ]Ɋ& !X//) F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=?@**@//) ]Ɋ& !X//) F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 6@**8//) ]Ɋ& !X//) F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eTi8**8//) ]Ɋ& !X//) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nst8**8//) ]Ɋ& !X//) F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.08**//) ]Ɋ& !//) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=622df4b4-3e3b-4f11-9e87-b2ca52e7e905 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **-/) ]Ɋ& !-/) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=622df4b4-3e3b-4f11-9e87-b2ca52e7e905 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=?**XZ0) ]Ɋ& !XZ0) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pZ0) ]Ɋ& !XZ0) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pZ0) ]Ɋ& !XZ0) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**hZ0) ]Ɋ& !XZ0) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ih**hZ0) ]Ɋ& !XZ0) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**hZ0) ]Ɋ& !XZ0) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**Z0) ]Ɋ&  !Z0) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c98a33c5-7789-4d1d-8fe1-7b3b73d87b32 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**1) ]Ɋ& !1) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c98a33c5-7789-4d1d-8fe1-7b3b73d87b32 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= . |***2) ]Ɋ& '!X*2) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e***2) ]Ɋ& ?!X*2) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h***2) ]Ɋ& ;!X*2) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=43d***2) ]Ɋ& 3!X*2) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&***2) ]Ɋ& 3!X*2) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d3c***2) ]Ɋ& 5!X*2) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0*2) ]Ɋ& !*2) F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2d98db44-646f-481f-8eba-f1c4f6f8ad56 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@2) ]Ɋ& !2) F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2d98db44-646f-481f-8eba-f1c4f6f8ad56 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**) ]Ɋ& )!X) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com**) ]Ɋ& A!X) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= **) ]Ɋ& =!X) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut**) ]Ɋ& 5!X) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 **) ]Ɋ& 5!X) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**) ]Ɋ& 7!X) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0) ]Ɋ& !) F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=92fc6a19-dca8-4b25-8c12-b32491ace4b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t0**@J) ]Ɋ& !J) F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=92fc6a19-dca8-4b25-8c12-b32491ace4b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=top@**X@) ]Ɋ& !X@) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p@) ]Ɋ& !X@) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stp**h@) ]Ɋ& !X@) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`@) ]Ɋ& !X@) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n`**`@) ]Ɋ& !X@) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**h@) ]Ɋ& !X@) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Stah**@) ]Ɋ&  !@) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=11416ef0-9a65-4d31-b1b3-8c5cb8fb4dc7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**@) ]Ɋ& !@) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=11416ef0-9a65-4d31-b1b3-8c5cb8fb4dc7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**8@) ]Ɋ& !X@) F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**P@) ]Ɋ& !X@) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ueP**P@) ]Ɋ& !X@) F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P  ]Ɋ& F&ndPath= CommandLine=XElfChnk0-Z`Mu=VysMc&&**H@) ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!X@) F&F%g>9{p(xlMD EventDatauoData !BinaryvFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H@) ]Ɋ& !X@) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H@) ]Ɋ& !X@) F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ScrH**@) ]Ɋ& !@) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be40ef10-ec12-409b-9137-7437bf5f907e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**w) ]Ɋ& !w) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be40ef10-ec12-409b-9137-7437bf5f907e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Xw) ]Ɋ& !Xw) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoX**pw) ]Ɋ& !Xw) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortp**hw) ]Ɋ& !Xw) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bah**`w) ]Ɋ& !Xw) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`w) ]Ɋ& !Xw) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq`**`w) ]Ɋ& !Xw) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**w) ]Ɋ& !w) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=837143ef-5d58-45d0-87f0-62a6a4a835e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**w) ]Ɋ& !w) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=837143ef-5d58-45d0-87f0-62a6a4a835e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **( r) ]Ɋ& !X r) F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1(**@ r) ]Ɋ& !X r) F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=V@**@ r) ]Ɋ& !X r) F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te'@**8 r) ]Ɋ& !X r) F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent8**8 r) ]Ɋ& !X r) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t 8**8 r) ]Ɋ& !X r) F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8** r) ]Ɋ& ! r) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8eb95eee-624f-4c00-a4fa-d3b8b0d4d6f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe** ) ]Ɋ& ! ) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8eb95eee-624f-4c00-a4fa-d3b8b0d4d6f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ated**X;) ]Ɋ& !X;) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p;) ]Ɋ& !X;) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p;) ]Ɋ& !X;) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ultp**h;) ]Ɋ& !X;) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthh**h;) ]Ɋ& !X;) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h;) ]Ɋ& !X;) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nah**;) ]Ɋ&  !;) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3c03a418-4e1b-49f2-af78-04174b7658ba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**g) ]Ɋ& !g) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3c03a418-4e1b-49f2-af78-04174b7658ba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber=**g) ]Ɋ& '!Xg) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**g) ]Ɋ& ?!Xg) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **g) ]Ɋ& ;!Xg) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**g) ]Ɋ& 3!Xg) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ou** g) ]Ɋ& 3!Xg)  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cti** g) ]Ɋ& 5!Xg)  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= -**0 g) ]Ɋ& !g)  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=46f90858-cfdd-44bf-a087-f108b3d3e1b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te0**@ ) ]Ɋ& !)  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=46f90858-cfdd-44bf-a087-f108b3d3e1b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9-dc@** oa, ]Ɋ& )!Xoa,  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**oa, ]Ɋ& A!Xoa, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mIns**oa, ]Ɋ& =!Xoa, F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-1**oa, ]Ɋ& 5!Xoa, F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**oa, ]Ɋ& 5!Xoa, F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**oa, ]Ɋ& 7!Xoa, F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0oa, ]Ɋ& !oa, F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=87c3cc94-8fb0-4329-9a1c-e58a036ecfed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@a, ]Ɋ& !a, F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=87c3cc94-8fb0-4329-9a1c-e58a036ecfed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com@**Xa, ]Ɋ& !Xa, F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linX**pa, ]Ɋ& !Xa, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manp**ha, ]Ɋ& !Xa, F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`a, ]Ɋ& !Xa, F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa, F&dLine=XElfChnkHHފJC^Mu=VysMc&&**ha, ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!Xa, F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**ha, ]Ɋ& !Xa, F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**a, ]Ɋ&  !a, F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7094964e-adac-49ee-b487-06acf746f833 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FӸ**9a, ]Ɋ& !9a, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7094964e-adac-49ee-b487-06acf746f833 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**89a, ]Ɋ& !X9a, F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P9a, ]Ɋ& !X9a, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P9a, ]Ɋ& !X9a, F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H 9a, ]Ɋ& !X9a,  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**H!9a, ]Ɋ& !X9a,! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H"9a, ]Ɋ& !X9a," F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==H**#9a, ]Ɋ& !9a,# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1fae551a-8630-4810-a131-3d85183ef55d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$9a, ]Ɋ& !9a,$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1fae551a-8630-4810-a131-3d85183ef55d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X%9a, ]Ɋ& !X9a,% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= X**p&9a, ]Ɋ& !X9a,& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-lasp**h'9a, ]Ɋ& !X9a,' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Sh**`(9a, ]Ɋ& !X9a,( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`)9a, ]Ɋ& !X9a,) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`*9a, ]Ɋ& !X9a,* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**+9a, ]Ɋ& !9a,+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7956214f-ad86-45b2-adee-ab186018b242 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,4a, ]Ɋ& !4a,, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7956214f-ad86-45b2-adee-ab186018b242 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPa**(-4a, ]Ɋ& !X4a,- F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@.4a, ]Ɋ& !X4a,. F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@/4a, ]Ɋ& !X4a,/ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ert@**804a, ]Ɋ& !X4a,0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wow8**814a, ]Ɋ& !X4a,1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b6-8**824a, ]Ɋ& !X4a,2 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fu8**34a, ]Ɋ& !4a,3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=62747d21-23d0-47bd-b20a-0862ed9e6ad0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd**4ja, ]Ɋ& !ja,4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=62747d21-23d0-47bd-b20a-0862ed9e6ad0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineV**X54a, ]Ɋ& !X4a,5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p64a, ]Ɋ& !X4a,6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ep**p74a, ]Ɋ& !X4a,7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=, Ep**h84a, ]Ɋ& !X4a,8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cenh**h94a, ]Ɋ& !X4a,9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=h**h:4a, ]Ɋ& !X4a,: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**;4a, ]Ɋ&  !4a,; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f8fb7e4b-164a-4759-bcf5-3da837e12255 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**<$a, ]Ɋ& !$a,< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f8fb7e4b-164a-4759-bcf5-3da837e12255 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsio**=$a, ]Ɋ& '!X$a,= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**>$a, ]Ɋ& ?!X$a,> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**?$a, ]Ɋ& ;!X$a,? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ne**@$a, ]Ɋ& 3!X$a,@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **A$a, ]Ɋ& 3!X$a,A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ewP**B$a, ]Ɋ& 5!X$a,B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eI**0Cea, ]Ɋ& !ea,C F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ef942dde-63ce-4588-8257-49ca97b14269 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me0**@DQa, ]Ɋ& !Qa,D F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ef942dde-63ce-4588-8257-49ca97b14269 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= @**EX. ]Ɋ& )!XX.E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut-S**FX. ]Ɋ& A!XX.F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 -C**GX. ]Ɋ& =!XX.G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**HX. ]Ɋ& 5!XX.H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on.0 HostId= ]Ɋ& icXX.I F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa, F&dLine=XElfChnkIyIypev.PMu=VysMc&&**IX. ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XX.I F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **JX. ]Ɋ& 7!XX.J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0K. ]Ɋ& !.K F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6446a15d-8bdf-4a53-a421-55f70db99ac7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@L. ]Ɋ& !.L F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6446a15d-8bdf-4a53-a421-55f70db99ac7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**XM. ]Ɋ& !X.M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**pN. ]Ɋ& !X.N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**hO. ]Ɋ& !X.O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`P. ]Ɋ& !X.P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`Q. ]Ɋ& !X.Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**hR. ]Ɋ& !X.R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**S. ]Ɋ&  !.S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9a389d9a-01ea-4fb7-ba9a-d9c5dd01322b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **T. ]Ɋ& !.T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9a389d9a-01ea-4fb7-ba9a-d9c5dd01322b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8UvF. ]Ɋ& !XvF.U F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**PVvF. ]Ɋ& !XvF.V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**PWvF. ]Ɋ& !XvF.W F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**HXvF. ]Ɋ& !XvF.X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**HYvF. ]Ɋ& !XvF.Y F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**HZvF. ]Ɋ& !XvF.Z F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**[vF. ]Ɋ& !vF.[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f3ccd35a-bf00-4485-aaf4-cc58eab1d1ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**\vF. ]Ɋ& !vF.\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f3ccd35a-bf00-4485-aaf4-cc58eab1d1ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**X]vF. ]Ɋ& !XvF.] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**p^vF. ]Ɋ& !XvF.^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**h_vF. ]Ɋ& !XvF._ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**``vF. ]Ɋ& !XvF.` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`avF. ]Ɋ& !XvF.a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`bvF. ]Ɋ& !XvF.b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**cvF. ]Ɋ& !vF.c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=39ae1a80-8d97-47a6-aa86-a364eac32ad4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**d . ]Ɋ& ! .d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=39ae1a80-8d97-47a6-aa86-a364eac32ad4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(e . ]Ɋ& !X .e F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3(**@f . ]Ɋ& !X .f F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@g . ]Ɋ& !X .g F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6@**8h . ]Ɋ& !X .h F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8i . ]Ɋ& !X .i F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8j . ]Ɋ& !X .j F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**k . ]Ɋ& ! .k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4f53cd26-8b5a-400d-9459-976658eaeb10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**lw. ]Ɋ& !w.l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4f53cd26-8b5a-400d-9459-976658eaeb10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**XmW<. ]Ɋ& !XW<.m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pnW<. ]Ɋ& !XW<.n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**poW<. ]Ɋ& !XW<.o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**hpW<. ]Ɋ& !XW<.p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**hqW<. ]Ɋ& !XW<.q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ae9h**hrW<. ]Ɋ& !XW<.r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**sW<. ]Ɋ&  !W<.s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1f2dc992-1e3a-4c59-8ed4-29216fe31cf2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**t. ]Ɋ& !.t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1f2dc992-1e3a-4c59-8ed4-29216fe31cf2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**u. ]Ɋ& '!X.u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**v. ]Ɋ& ?!X.v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=G**w. ]Ɋ& ;!X.w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **x. ]Ɋ& 3!X.x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**y. ]Ɋ& 3!X.y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& X.z F&I F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa, F&dLine=XElfChnkzzp(6NMu=VysMc&&** z. ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X.z F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=472 **0{. ]Ɋ& !.{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f96246a3-854e-4e53-b0df-27e6347c9123 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@|. ]Ɋ& !.| F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f96246a3-854e-4e53-b0df-27e6347c9123 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**}׉b1 ]Ɋ& )!X׉b1} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**~׉b1 ]Ɋ& A!X׉b1~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **׉b1 ]Ɋ& =!X׉b1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**׉b1 ]Ɋ& 5!X׉b1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**׉b1 ]Ɋ& 5!X׉b1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **׉b1 ]Ɋ& 7!X׉b1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0׉b1 ]Ɋ& !׉b1 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e46cb7cc-0129-4d77-9719-92dbb9446fcd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@c1 ]Ɋ& !c1 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e46cb7cc-0129-4d77-9719-92dbb9446fcd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**Xc1 ]Ɋ& !Xc1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**pc1 ]Ɋ& !Xc1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**hc1 ]Ɋ& !Xc1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`c1 ]Ɋ& !Xc1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`c1 ]Ɋ& !Xc1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hc1 ]Ɋ& !Xc1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**c1 ]Ɋ&  !c1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=09a82986-c930-4e83-9322-4a5b9ddfaafe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**Sd1 ]Ɋ& !Sd1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=09a82986-c930-4e83-9322-4a5b9ddfaafe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8Sd1 ]Ɋ& !XSd1 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**PSd1 ]Ɋ& !XSd1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**PSd1 ]Ɋ& !XSd1 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**HSd1 ]Ɋ& !XSd1 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**HSd1 ]Ɋ& !XSd1 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ftVoH**HSd1 ]Ɋ& !XSd1 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ritH**Sd1 ]Ɋ& !Sd1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37b12daa-9340-4c1c-8452-9c5485dbd07e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**Sd1 ]Ɋ& !Sd1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37b12daa-9340-4c1c-8452-9c5485dbd07e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**XSd1 ]Ɋ& !XSd1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US;X**pSd1 ]Ɋ& !XSd1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ostVp**hSd1 ]Ɋ& !XSd1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`Sd1 ]Ɋ& !XSd1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=*`**`Sd1 ]Ɋ& !XSd1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru`**`Sd1 ]Ɋ& !XSd1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**Sd1 ]Ɋ& !Sd1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f2fcb4b3-48e1-43b5-93a5-dc01b1c0f2dd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**1d1 ]Ɋ& !1d1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f2fcb4b3-48e1-43b5-93a5-dc01b1c0f2dd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(1d1 ]Ɋ& !X1d1 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2(**@1d1 ]Ɋ& !X1d1 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0@**@1d1 ]Ɋ& !X1d1 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**81d1 ]Ɋ& !X1d1 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**81d1 ]Ɋ& !X1d1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**81d1 ]Ɋ& !X1d1 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**1d1 ]Ɋ& !1d1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=71b7db1f-e710-4390-87c0-298ac5a7e1d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**DŽe1 ]Ɋ& !DŽe1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=71b7db1f-e710-4390-87c0-298ac5a7e1d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**Xf1 ]Ɋ& !Xf1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**pf1 ]Ɋ& !Xf1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**pf1 ]Ɋ& !Xf1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**hf1 ]Ɋ& !Xf1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**hf1 ]Ɋ& !Xf1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**hf1 ]Ɋ& !Xf1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**f1 ]Ɋ&  !f1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0b87ddc-5362-4887-878e-f19750f3e59e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sbe.properties ]Ɋ& Cu!g1 F&n-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& X.z F&I F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa, F&dLine=XElfChnkxyMu=VysMc&&** !g1 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !!g1 F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0b87ddc-5362-4887-878e-f19750f3e59e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **!g1 ]Ɋ& '!X!g1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!g1 ]Ɋ& ?!X!g1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!g1 ]Ɋ& ;!X!g1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**!g1 ]Ɋ& 3!X!g1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!g1 ]Ɋ& 3!X!g1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ica**!g1 ]Ɋ& 5!X!g1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0!g1 ]Ɋ& !!g1 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5441b58b-74ba-4727-af6d-42c094eb5007 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow0**@Ni1 ]Ɋ& !Ni1 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5441b58b-74ba-4727-af6d-42c094eb5007 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**Kxs3 ]Ɋ& )!XKxs3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**Kxs3 ]Ɋ& A!XKxs3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-wid**Kxs3 ]Ɋ& =!XKxs3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**Kxs3 ]Ɋ& 5!XKxs3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **Kxs3 ]Ɋ& 5!XKxs3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0**Kxs3 ]Ɋ& 7!XKxs3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0Kxs3 ]Ɋ& !Kxs3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fa41649a-d20b-4d03-8f16-e28c72254d4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@3|ys3 ]Ɋ& !3|ys3 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fa41649a-d20b-4d03-8f16-e28c72254d4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X{s3 ]Ɋ& !X{s3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p{s3 ]Ɋ& !X{s3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h{s3 ]Ɋ& !X{s3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`{s3 ]Ɋ& !X{s3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`{s3 ]Ɋ& !X{s3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**h{s3 ]Ɋ& !X{s3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineSh**{s3 ]Ɋ&  !{s3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0e8fe0a8-26ed-4ff3-b861-6e0b1fe51ef7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ped **{s3 ]Ɋ& !{s3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0e8fe0a8-26ed-4ff3-b861-6e0b1fe51ef7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt**8$w|s3 ]Ɋ& !X$w|s3 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nm8**P$w|s3 ]Ɋ& !X$w|s3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idP**P$w|s3 ]Ɋ& !X$w|s3 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tartP**H$w|s3 ]Ɋ& !X$w|s3 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ReH**H$w|s3 ]Ɋ& !X$w|s3 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**H$w|s3 ]Ɋ& !X$w|s3 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1H**$w|s3 ]Ɋ& !$w|s3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d27aad48-79fb-4eaa-8f9a-8b0c2d61c353 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!**$w|s3 ]Ɋ& !$w|s3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d27aad48-79fb-4eaa-8f9a-8b0c2d61c353 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X}s3 ]Ɋ& !X}s3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaX**p}s3 ]Ɋ& !X}s3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**h}s3 ]Ɋ& !X}s3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`}s3 ]Ɋ& !X}s3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`}s3 ]Ɋ& !X}s3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=`**`}s3 ]Ɋ& !X}s3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**}s3 ]Ɋ& !}s3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31d68ac7-eca1-4143-92b7-0728e27329dd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Q}s3 ]Ɋ& !Q}s3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31d68ac7-eca1-4143-92b7-0728e27329dd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9 **(@~s3 ]Ɋ& !X@~s3 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4(**@@~s3 ]Ɋ& !X@~s3 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a@**@@~s3 ]Ɋ& !X@~s3 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin@**8@~s3 ]Ɋ& !X@~s3 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8@~s3 ]Ɋ& !X@~s3 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8@~s3 ]Ɋ& !X@~s3 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== 8**@~s3 ]Ɋ& !@~s3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a0108d3f-732f-46eb-8634-95a342295c54 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge**~~s3 ]Ɋ& !~~s3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a0108d3f-732f-46eb-8634-95a342295c54 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te';**X2s3 ]Ɋ& !X2s3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p2s3 ]Ɋ& !X2s3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX2s3 F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa, F&dLine=XElfChnk8e/7Mu=VysMc&&**p 2s3 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! S!X2s3 F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p **h2s3 ]Ɋ& !X2s3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h2s3 ]Ɋ& !X2s3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h2s3 ]Ɋ& !X2s3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tah**2s3 ]Ɋ&  !2s3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1d3f1477-2329-41ab-b57a-d0fe67e0555c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b5**6s3 ]Ɋ& !6s3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1d3f1477-2329-41ab-b57a-d0fe67e0555c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,De**_τs3 ]Ɋ& '!X_τs3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**_τs3 ]Ɋ& ?!X_τs3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**_τs3 ]Ɋ& ;!X_τs3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hel**_τs3 ]Ɋ& 3!X_τs3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**_τs3 ]Ɋ& 3!X_τs3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll **_τs3 ]Ɋ& 5!X_τs3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0_τs3 ]Ɋ& !_τs3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9cd3fa3e-ec8f-4a3e-a9c6-e9ef028f7ce9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng0**@s3 ]Ɋ& !s3 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9cd3fa3e-ec8f-4a3e-a9c6-e9ef028f7ce9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**S a5 ]Ɋ& )!XS a5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3**S a5 ]Ɋ& A!XS a5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **S a5 ]Ɋ& =!XS a5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**S a5 ]Ɋ& 5!XS a5 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl**S a5 ]Ɋ& 5!XS a5 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **S a5 ]Ɋ& 7!XS a5 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**0S a5 ]Ɋ& !S a5 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0b3db63f-84db-4a81-8ccb-7b7d16323432 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=40**@=b5 ]Ɋ& !=b5 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0b3db63f-84db-4a81-8ccb-7b7d16323432 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila@**Xb5 ]Ɋ& !Xb5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProX**pb5 ]Ɋ& !Xb5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt p**hb5 ]Ɋ& !Xb5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sh**`b5 ]Ɋ& !Xb5 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d`**`b5 ]Ɋ& !Xb5 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c`**hb5 ]Ɋ& !Xb5 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**b5 ]Ɋ&  !b5 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed4b1661-cc6e-42e2-b55b-43e2eba1ddba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=104c**b5 ]Ɋ& !b5 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed4b1661-cc6e-42e2-b55b-43e2eba1ddba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=34**8b5 ]Ɋ& !Xb5 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si8**Pb5 ]Ɋ& !Xb5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leP**Pb5 ]Ɋ& !Xb5 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HoP**Hb5 ]Ɋ& !Xb5 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eNumH**Hb5 ]Ɋ& !Xb5 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**Hb5 ]Ɋ& !Xb5 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ateH**b5 ]Ɋ& !b5 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a599edff-094f-4c8d-9e8a-23b34e59165a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber**nc5 ]Ɋ& !nc5 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a599edff-094f-4c8d-9e8a-23b34e59165a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Xnc5 ]Ɋ& !Xnc5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNamX**pnc5 ]Ɋ& !Xnc5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hnc5 ]Ɋ& !Xnc5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**`nc5 ]Ɋ& !Xnc5 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=('`**` nc5 ]Ɋ& !Xnc5  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ti`**` nc5 ]Ɋ& !Xnc5  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`** nc5 ]Ɋ& !nc5  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d4538785-d964-4618-af16-e7e17455109e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N** nc5 ]Ɋ& !nc5  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d4538785-d964-4618-af16-e7e17455109e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**( Cd5 ]Ɋ& !XCd5  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@Cd5 ]Ɋ& !XCd5 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@Cd5 ]Ɋ& !XCd5 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ace@**8Cd5 ]Ɋ& !XCd5 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=es[8nstalldate'] ]Ɋ& etXCd5 F&imatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX2s3 F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa, F&dLine=XElfChnkBBG@~Mu=VysMc&&**8 Cd5 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XCd5 F&F%g>9{p(xlMD EventDatauoData !BinaryhRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8Cd5 ]Ɋ& !XCd5 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=In8**Cd5 ]Ɋ& !Cd5 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=129c8a4c-fcd0-4bc3-afc6-8d75ff1bc126 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=WA**ڟd5 ]Ɋ& !ڟd5 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=129c8a4c-fcd0-4bc3-afc6-8d75ff1bc126 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=po**Xif5 ]Ɋ& !Xif5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**pif5 ]Ɋ& !Xif5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7p**pif5 ]Ɋ& !Xif5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**hif5 ]Ɋ& !Xif5 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**hif5 ]Ɋ& !Xif5 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNh**hif5 ]Ɋ& !Xif5 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dBh**if5 ]Ɋ&  !if5 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=71e3d6dd-4a18-4585-b2e2-1edc130d0007 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**4g5 ]Ɋ& !4g5 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=71e3d6dd-4a18-4585-b2e2-1edc130d0007 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gine**h5 ]Ɋ& '!Xh5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**h5 ]Ɋ& ?!Xh5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**h5 ]Ɋ& ;!Xh5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** h5 ]Ɋ& 3!Xh5  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsh**!h5 ]Ɋ& 3!Xh5! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**"h5 ]Ɋ& 5!Xh5" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=re**0#di5 ]Ɋ& !di5# F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=21099736-2024-457d-b7f6-c5023ab07bc6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@$$i5 ]Ɋ& !$i5$ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=21099736-2024-457d-b7f6-c5023ab07bc6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se@**%8 ]Ɋ& )!X8% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535-**&8 ]Ɋ& A!X8& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=C**'8 ]Ɋ& =!X8' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **(8 ]Ɋ& 5!X8( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**)8 ]Ɋ& 5!X8) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b***8 ]Ɋ& 7!X8* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**0+&8 ]Ɋ& !&8+ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c3acd911-97fd-45bf-876e-3faade63c6d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=10**@,08 ]Ɋ& !08, F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c3acd911-97fd-45bf-876e-3faade63c6d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e |@**X-Sɳ8 ]Ɋ& !XSɳ8- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pdaX**p.Sɳ8 ]Ɋ& !XSɳ8. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nEnp**h/Sɳ8 ]Ɋ& !XSɳ8/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th**`0Sɳ8 ]Ɋ& !XSɳ80 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`1Sɳ8 ]Ɋ& !XSɳ81 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h2Sɳ8 ]Ɋ& !XSɳ82 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ruh**3Sɳ8 ]Ɋ&  !Sɳ83 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=106f63fa-49c5-4c43-8937-05ccee547748 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pipe**4Sɳ8 ]Ɋ& !Sɳ84 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=106f63fa-49c5-4c43-8937-05ccee547748 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**85Sɳ8 ]Ɋ& !XSɳ85 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**P6Sɳ8 ]Ɋ& !XSɳ86 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=unP**P7Sɳ8 ]Ɋ& !XSɳ87 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gineP**H8Sɳ8 ]Ɋ& !XSɳ88 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 65H**H9Sɳ8 ]Ɋ& !XSɳ89 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StriH**H:Sɳ8 ]Ɋ& !XSɳ8: F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oluH**;Sɳ8 ]Ɋ& !Sɳ8; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=84e1bc7e-244f-42b3-ad36-180e83fc8dd0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=553**<Sɳ8 ]Ɋ& !Sɳ8< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=84e1bc7e-244f-42b3-ad36-180e83fc8dd0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**X=a8 ]Ɋ& !Xa8= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arseX**p>a8 ]Ɋ& !Xa8> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**h?a8 ]Ɋ& !Xa8? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eqh**`@a8 ]Ɋ& !Xa8@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`Aa8 ]Ɋ& !Xa8A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri`**`Ba8 ]Ɋ& !Xa8B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`ElfChnkCsCs`;!ksgMu=VysMc&&**Ca8 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !a8C F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=afa69d14-53f8-4292-81ab-ebb1b2637d2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**Da8 ]Ɋ& !a8D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=afa69d14-53f8-4292-81ab-ebb1b2637d2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 **(Ea8 ]Ɋ& !Xa8E F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@Fa8 ]Ɋ& !Xa8F F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@Ga8 ]Ɋ& !Xa8G F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | @**8Ha8 ]Ɋ& !Xa8H F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Se8**8Ia8 ]Ɋ& !Xa8I F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS8**8Ja8 ]Ɋ& !Xa8J F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H8**Ka8 ]Ɋ& !a8K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b140884f-44be-45f0-ae67-4156885b0801 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si**L8 ]Ɋ& !8L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b140884f-44be-45f0-ae67-4156885b0801 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obal**XM+8 ]Ɋ& !X+8M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pN+8 ]Ɋ& !X+8N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.p**pO+8 ]Ɋ& !X+8O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e.pp**hP+8 ]Ɋ& !X+8P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n.Ch**hQ+8 ]Ɋ& !X+8Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=655h**hR+8 ]Ɋ& !X+8R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pah**S+8 ]Ɋ&  !+8S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=df907272-f599-43ef-9103-21feb713f3e9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**TCĶ8 ]Ɋ& !CĶ8T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=df907272-f599-43ef-9103-21feb713f3e9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**U\8 ]Ɋ& '!X\8U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**V\8 ]Ɋ& ?!X\8V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**W\8 ]Ɋ& ;!X\8W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X\8 ]Ɋ& 3!X\8X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ati**Y\8 ]Ɋ& 3!X\8Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Z\8 ]Ɋ& 5!X\8Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**0[\8 ]Ɋ& !\8[ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=05876c6f-963b-4aae-8aba-254571cdc24e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@\p8 ]Ɋ& !p8\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=05876c6f-963b-4aae-8aba-254571cdc24e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stri@**]Dvd: ]Ɋ& )!XDvd:] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tanc**^Dvd: ]Ɋ& A!XDvd:^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7-4d**_Dvd: ]Ɋ& =!XDvd:_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **`Dvd: ]Ɋ& 5!XDvd:` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**aDvd: ]Ɋ& 5!XDvd:a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**bDvd: ]Ɋ& 7!XDvd:b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0cDvd: ]Ɋ& !Dvd:c F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=51b7816b-1aa6-4f25-958a-5d8c56864c7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m0**@dqd: ]Ɋ& !qd:d F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=51b7816b-1aa6-4f25-958a-5d8c56864c7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P@**Xeqd: ]Ɋ& !Xqd:e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0X**pfqd: ]Ɋ& !Xqd:f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=inep**hgqd: ]Ɋ& !Xqd:g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Rh**`hqd: ]Ɋ& !Xqd:h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`iqd: ]Ɋ& !Xqd:i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I`**hjqd: ]Ɋ& !Xqd:j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nameh**kqd: ]Ɋ&  !qd:k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=42937415-c2bd-4f5f-8aa5-dcf0e0cb744c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand**l@d: ]Ɋ& !@d:l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=42937415-c2bd-4f5f-8aa5-dcf0e0cb744c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8m@d: ]Ɋ& !X@d:m F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sc8**Pn@d: ]Ɋ& !X@d:n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**Po@d: ]Ɋ& !X@d:o F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== P**Hp@d: ]Ɋ& !X@d:p F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eId=H**Hq@d: ]Ɋ& !X@d:q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d= H**Hr@d: ]Ɋ& !X@d:r F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RH**s@d: ]Ɋ& !@d:s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ebc077b8-94bf-40aa-bcf7-38a2ad46b5fe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= mmandName=  ]Ɋ& CommandPath= Comm@d:ElfChnkttH Q}I0Mu=VysMc&&**t@d: ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !@d:t F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ebc077b8-94bf-40aa-bcf7-38a2ad46b5fe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**Xud: ]Ɋ& !Xd:u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**pvd: ]Ɋ& !Xd:v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**hwd: ]Ɋ& !Xd:w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`xd: ]Ɋ& !Xd:x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`yd: ]Ɋ& !Xd:y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`zd: ]Ɋ& !Xd:z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**{d: ]Ɋ& !d:{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d9bd38a1-00b9-4cee-a754-ef5d35c20055 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|d: ]Ɋ& !d:| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d9bd38a1-00b9-4cee-a754-ef5d35c20055 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(}d: ]Ɋ& !Xd:} F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8(**@~d: ]Ɋ& !Xd:~ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@d: ]Ɋ& !Xd: F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8d: ]Ɋ& !Xd: F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8d: ]Ɋ& !Xd: F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8d: ]Ɋ& !Xd: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**d: ]Ɋ& !d: F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e85fce9d-32dc-4d4a-92e2-8badd9652e7c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== ** d: ]Ɋ& ! d: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e85fce9d-32dc-4d4a-92e2-8badd9652e7c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**Xbd: ]Ɋ& !Xbd: F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pbd: ]Ɋ& !Xbd: F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pbd: ]Ɋ& !Xbd: F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**hbd: ]Ɋ& !Xbd: F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**hbd: ]Ɋ& !Xbd: F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**hbd: ]Ɋ& !Xbd: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**bd: ]Ɋ&  !bd: F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7c2497c-74ee-4f74-bdb1-4a30c9d921ff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**d: ]Ɋ& !d: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7c2497c-74ee-4f74-bdb1-4a30c9d921ff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**d: ]Ɋ& '!Xd: F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **d: ]Ɋ& ?!Xd: F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**d: ]Ɋ& ;!Xd: F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**d: ]Ɋ& 3!Xd: F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **d: ]Ɋ& 3!Xd: F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**d: ]Ɋ& 5!Xd: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0d: ]Ɋ& !d: F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e625b503-5069-4461-a029-e365bc3a8f55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@%ld: ]Ɋ& !%ld: F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e625b503-5069-4461-a029-e365bc3a8f55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-5d8@**=M< ]Ɋ& )!X=M< F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**=M< ]Ɋ& A!X=M< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**=M< ]Ɋ& =!X=M< F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8e**=M< ]Ɋ& 5!X=M< F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**=M< ]Ɋ& 5!X=M< F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**=M< ]Ɋ& 7!X=M< F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q**0< ]Ɋ& !< F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd3e8ca5-6010-4f7c-9923-561e215c074b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@j~< ]Ɋ& !j~< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd3e8ca5-6010-4f7c-9923-561e215c074b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**X< ]Ɋ& !X< F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**p< ]Ɋ& !X< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h< ]Ɋ& !X< F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`< ]Ɋ& !X< F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`< ]Ɋ& !X< F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**h< ]Ɋ& !X< F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**< ]Ɋ&  !< F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f6b493c2-3339-43c4-964c-e2c890ec165a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!@d: ]Ɋ& at< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f6b493c2-3339-43c4-964c-e2c890ec165a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk@L;0Mu=VysMc&&**< ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !< F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f6b493c2-3339-43c4-964c-e2c890ec165a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8< ]Ɋ& !X< F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=om8**P< ]Ɋ& !X< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**P< ]Ɋ& !X< F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaP**H< ]Ɋ& !X< F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iptNH**H< ]Ɋ& !X< F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTypH**H< ]Ɋ& !X< F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**< ]Ɋ& !< F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08c67280-9c66-4414-8e95-6c50d0910e93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **< ]Ɋ& !< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08c67280-9c66-4414-8e95-6c50d0910e93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X< ]Ɋ& !X< F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulX**p< ]Ɋ& !X< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={ [p**h< ]Ɋ& !X< F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f6h**`< ]Ɋ& !X< F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rS`**`< ]Ɋ& !X< F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`< ]Ɋ& !X< F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**< ]Ɋ& !< F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27560597-559b-42dd-bf93-ae76e4e1eb92 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-**< ]Ɋ& !< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27560597-559b-42dd-bf93-ae76e4e1eb92 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ure**(-H< ]Ɋ& !X-H< F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v(**@-H< ]Ɋ& !X-H< F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=K@**@-H< ]Ɋ& !X-H< F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=@**8-H< ]Ɋ& !X-H< F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F8**8-H< ]Ɋ& !X-H< F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam8**8-H< ]Ɋ& !X-H< F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Gl8**-H< ]Ɋ& !-H< F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=30a8cc45-2536-4fcc-bb40-2c971f517126 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**< ]Ɋ& !< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=30a8cc45-2536-4fcc-bb40-2c971f517126 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tall**X< ]Ɋ& !X< F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\X**p< ]Ɋ& !X< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\p**p< ]Ɋ& !X< F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=help**h< ]Ɋ& !X< F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ct h**h< ]Ɋ& !X< F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n';h**h< ]Ɋ& !X< F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=([h**< ]Ɋ&  !< F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=df1355b2-757f-4875-9d68-c4985e7f90c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta**< ]Ɋ& !< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=df1355b2-757f-4875-9d68-c4985e7f90c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omma**< ]Ɋ& '!X< F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**< ]Ɋ& ?!X< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**< ]Ɋ& ;!X< F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt **< ]Ɋ& 3!X< F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=**< ]Ɋ& 3!X< F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**< ]Ɋ& 5!X< F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0< ]Ɋ& !< F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5dd0d2e9-a42a-46f0-bcab-97f48d54adc7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@ۙ< ]Ɋ& !ۙ< F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5dd0d2e9-a42a-46f0-bcab-97f48d54adc7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w@**τl> ]Ɋ& )!Xτl> F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nter**τl> ]Ɋ& A!Xτl> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lica**τl> ]Ɋ& =!Xτl> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**τl> ]Ɋ& 5!Xτl> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**τl> ]Ɋ& 5!Xτl> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Va**τl> ]Ɋ& 7!Xτl> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0fl> ]Ɋ& !fl> F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=98c3843c-bee2-47f6-a447-fb7418258152 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@l> ]Ɋ& !l> F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=98c3843c-bee2-47f6-a447-fb7418258152 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=890@165a Pipel ]Ɋ& meXNl> F&e=ElfChnkHQk88Mu=VysMc&&**XNl> ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ;!XNl> F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pNl> ]Ɋ& !XNl> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**hNl> ]Ɋ& !XNl> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`Nl> ]Ɋ& !XNl> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`Nl> ]Ɋ& !XNl> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hNl> ]Ɋ& !XNl> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h**Nl> ]Ɋ&  !Nl> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=68dfdec7-f98b-45fb-9e32-37bcc378ea51 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=<**Nl> ]Ɋ& !Nl> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=68dfdec7-f98b-45fb-9e32-37bcc378ea51 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8)l> ]Ɋ& !X)l> F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P)l> ]Ɋ& !X)l> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P)l> ]Ɋ& !X)l> F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H)l> ]Ɋ& !X)l> F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H)l> ]Ɋ& !X)l> F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=H**H)l> ]Ɋ& !X)l> F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**)l> ]Ɋ& !)l> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48a73f2d-57ee-4b48-8062-703e9ef0f7b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**)l> ]Ɋ& !)l> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48a73f2d-57ee-4b48-8062-703e9ef0f7b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X)l> ]Ɋ& !X)l> F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p)l> ]Ɋ& !X)l> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**h)l> ]Ɋ& !X)l> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`)l> ]Ɋ& !X)l> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`)l> ]Ɋ& !X)l> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`)l> ]Ɋ& !X)l> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**l> ]Ɋ& !l> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=35e2e640-c72c-4344-826b-793455fe576f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**l> ]Ɋ& !l> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=35e2e640-c72c-4344-826b-793455fe576f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(l> ]Ɋ& !Xl> F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@l> ]Ɋ& !Xl> F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8@**@l> ]Ɋ& !Xl> F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8l> ]Ɋ& !Xl> F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8l> ]Ɋ& !Xl> F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==ef8**8l> ]Ɋ& !Xl> F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**l> ]Ɋ& !l> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=594051b4-b24b-4cef-b240-b3648211aa82 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**l> ]Ɋ& !l> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=594051b4-b24b-4cef-b240-b3648211aa82 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**Xzl> ]Ɋ& !Xzl> F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**pzl> ]Ɋ& !Xzl> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**pzl> ]Ɋ& !Xzl> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**hzl> ]Ɋ& !Xzl> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**hzl> ]Ɋ& !Xzl> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hzl> ]Ɋ& !Xzl> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**zl> ]Ɋ&  !zl> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27a498ba-6a32-4763-bdf6-bf24ca23b6f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Gl> ]Ɋ& !Gl> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27a498ba-6a32-4763-bdf6-bf24ca23b6f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **Gl> ]Ɋ& '!XGl> F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**Gl> ]Ɋ& ?!XGl> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**Gl> ]Ɋ& ;!XGl> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**Gl> ]Ɋ& 3!XGl> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**Gl> ]Ɋ& 3!XGl> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**Gl> ]Ɋ& 5!XGl> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0Gl> ]Ɋ& !Gl> F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e100a217-b779-4470-88cb-83a4015f0546 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@tDl> ]Ɋ& !tDl> F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e100a217-b779-4470-88cb-83a4015f0546 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 @pelineId=  ]Ɋ& maXv@ F&165a Pipel ]Ɋ& meXNl> F&e=ElfChnk66hP<ŐU{[Mu=VysMc&&**v@ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xv@ F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**v@ ]Ɋ& A!Xv@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**v@ ]Ɋ& =!Xv@ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**v@ ]Ɋ& 5!Xv@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l ** v@ ]Ɋ& 5!Xv@  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=01** v@ ]Ɋ& 7!Xv@  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c**0 v@ ]Ɋ& !v@  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b9875153-c551-443f-8118-05fe45a9045f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@ @ ]Ɋ& !@  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b9875153-c551-443f-8118-05fe45a9045f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F@**X :@ ]Ɋ& !X:@  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p:@ ]Ɋ& !X:@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!p**h:@ ]Ɋ& !X:@ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`:@ ]Ɋ& !X:@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`:@ ]Ɋ& !X:@ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h:@ ]Ɋ& !X:@ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tarth**:@ ]Ɋ&  !:@ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=127ac5d9-ed2d-4ec6-8634-abefcbfe5158 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **6@ ]Ɋ& !6@ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=127ac5d9-ed2d-4ec6-8634-abefcbfe5158 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mb**8g@ ]Ɋ& !Xg@ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne8**Pg@ ]Ɋ& !Xg@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=P**Pg@ ]Ɋ& !Xg@ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtedP**Hg@ ]Ɋ& !Xg@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FuH**Hg@ ]Ɋ& !Xg@ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**Hg@ ]Ɋ& !Xg@ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=>H**g@ ]Ɋ& !g@ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b4a1834f-1c84-4a8e-b490-a71ebf60fb1f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**g@ ]Ɋ& !g@ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b4a1834f-1c84-4a8e-b490-a71ebf60fb1f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xg@ ]Ɋ& !Xg@ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pg@ ]Ɋ& !Xg@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe= p**hg@ ]Ɋ& !Xg@ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**` g@ ]Ɋ& !Xg@  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt`**`!g@ ]Ɋ& !Xg@! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`"g@ ]Ɋ& !Xg@" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**#g@ ]Ɋ& !g@# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7a57d34c-02bf-46be-b424-227bde0470ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **$g@ ]Ɋ& !g@$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7a57d34c-02bf-46be-b424-227bde0470ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(%@ ]Ɋ& !X@% F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@&@ ]Ɋ& !X@& F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@'@ ]Ɋ& !X@' F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o('@**8(@ ]Ɋ& !X@( F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayV8**8)@ ]Ɋ& !X@) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8*@ ]Ɋ& !X@* F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um8**+@ ]Ɋ& !@+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=85bd44a1-2cb6-4cd8-860d-4f0070bca7d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,*@ ]Ɋ& !*@, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=85bd44a1-2cb6-4cd8-860d-4f0070bca7d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= **X-@ ]Ɋ& !X@- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rX**p.@ ]Ɋ& !X@. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**p/@ ]Ɋ& !X@/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8bap**h0@ ]Ɋ& !X@0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**h1@ ]Ɋ& !X@1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h2@ ]Ɋ& !X@2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**3@ ]Ɋ&  !@3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d4400c81-8a4b-42ba-827a-5c5b84ad3158 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **4H@ ]Ɋ& !H@4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d4400c81-8a4b-42ba-827a-5c5b84ad3158 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hell**5H@ ]Ɋ& '!XH@5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**6H@ ]Ɋ& ?!XH@6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-31-8315-49ba ]Ɋ& reXH@7 F&ame . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e100a217-b779-4470-88cb-83a4015f0546 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 @pelineId=  ]Ɋ& maXv@ F&165a Pipel ]Ɋ& meXNl> F&e=ElfChnk7i7i@ce^Mu=VysMc&&** 7H@ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XH@7 F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8H@ ]Ɋ& 3!XH@8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**9H@ ]Ɋ& 3!XH@9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=811**:H@ ]Ɋ& 5!XH@: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0;H@ ]Ɋ& !H@; F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=cbeee941-e26d-434d-af17-9390ddc646f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@<u@ ]Ɋ& !u@< F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=cbeee941-e26d-434d-af17-9390ddc646f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com@**=k3C ]Ɋ& )!Xk3C= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **>k3C ]Ɋ& A!Xk3C> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tSta**?k3C ]Ɋ& =!Xk3C? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**@k3C ]Ɋ& 5!Xk3C@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**Ak3C ]Ɋ& 5!Xk3CA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ve**Bk3C ]Ɋ& 7!Xk3CB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**0Ck3C ]Ɋ& !k3CC F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c87c608e-9b5f-4429-b5db-740641067dbb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@D@3C ]Ɋ& !@3CD F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c87c608e-9b5f-4429-b5db-740641067dbb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**XE@3C ]Ɋ& !X@3CE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pF@3C ]Ɋ& !X@3CF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hG@3C ]Ɋ& !X@3CG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`H@3C ]Ɋ& !X@3CH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`I@3C ]Ɋ& !X@3CI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hJ@3C ]Ɋ& !X@3CJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ailah**K@3C ]Ɋ&  !@3CK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b416f7a6-e78e-42d1-a98c-e2ca6df9c792 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= New**L43C ]Ɋ& !43CL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b416f7a6-e78e-42d1-a98c-e2ca6df9c792 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne**8M43C ]Ɋ& !X43CM F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P8**PN43C ]Ɋ& !X43CN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=SyP**PO43C ]Ɋ& !X43CO F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**HP43C ]Ɋ& !X43CP F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**HQ43C ]Ɋ& !X43CQ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=XH**HR43C ]Ɋ& !X43CR F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**S43C ]Ɋ& !43CS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3e36c20f-63a5-4ed8-867f-08f6e98b6304 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**T43C ]Ɋ& !43CT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3e36c20f-63a5-4ed8-867f-08f6e98b6304 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XU43C ]Ɋ& !X43CU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**pV43C ]Ɋ& !X43CV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**hW43C ]Ɋ& !X43CW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arh**`X43C ]Ɋ& !X43CX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=10`**`Y43C ]Ɋ& !X43CY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed`**`Z43C ]Ɋ& !X43CZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**[43C ]Ɋ& !43C[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e71c334a-94f8-40d7-ab72-052ca9968a55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**\m͖3C ]Ɋ& !m͖3C\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e71c334a-94f8-40d7-ab72-052ca9968a55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cd8**(]m͖3C ]Ɋ& !Xm͖3C] F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@^m͖3C ]Ɋ& !Xm͖3C^ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='@**@_m͖3C ]Ɋ& !Xm͖3C_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ows@**8`m͖3C ]Ɋ& !Xm͖3C` F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nso8**8am͖3C ]Ɋ& !Xm͖3Ca F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8bm͖3C ]Ɋ& !Xm͖3Cb F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pa8**cm͖3C ]Ɋ& !m͖3Cc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=52b6fd39-1eec-4ed4-addc-234a05b581a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**df3C ]Ɋ& !f3Cd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=52b6fd39-1eec-4ed4-addc-234a05b581a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sher**Xe13C ]Ɋ& !X13Ce F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pf13C ]Ɋ& !X13Cf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**pg13C ]Ɋ& !X13Cg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insp**hh13C ]Ɋ& !X13Ch F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edoh**hi13C ]Ɋ& !X13Ci F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= hɊ& ]Ɋ& X13Cj F&]Ɋ& meXNl> F&e=ElfChnkjjH͝.-rMu=VysMc&&**p j13C ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!X13Cj F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Xp **k13C ]Ɋ&  !13Ck F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2d62da72-327b-4adf-aa9a-a988aa3bb4ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc**l/3C ]Ɋ& !/3Cl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2d62da72-327b-4adf-aa9a-a988aa3bb4ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=atio**m^ș3C ]Ɋ& '!X^ș3Cm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=A**n^ș3C ]Ɋ& ?!X^ș3Cn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2**o^ș3C ]Ɋ& ;!X^ș3Co F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost**p^ș3C ]Ɋ& 3!X^ș3Cp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**q^ș3C ]Ɋ& 3!X^ș3Cq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t **r^ș3C ]Ɋ& 5!X^ș3Cr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0s^ș3C ]Ɋ& !^ș3Cs F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e2a5d366-bcee-496b-a2c8-dd7b5f78ccc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=660**@t`3C ]Ɋ& !`3Ct F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e2a5d366-bcee-496b-a2c8-dd7b5f78ccc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**u~E ]Ɋ& )!X~Eu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**v~E ]Ɋ& A!X~Ev F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**w~E ]Ɋ& =!X~Ew F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la**x~E ]Ɋ& 5!X~Ex F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**y~E ]Ɋ& 5!X~Ey F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**z~E ]Ɋ& 7!X~Ez F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**0{~E ]Ɋ& !~E{ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e36a5f91-01d7-4f47-8384-b45741adfc48 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b0**@|߱~E ]Ɋ& !߱~E| F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e36a5f91-01d7-4f47-8384-b45741adfc48 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C@**X}x~E ]Ɋ& !Xx~E} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p~x~E ]Ɋ& !Xx~E~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hx~E ]Ɋ& !Xx~E F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`x~E ]Ɋ& !Xx~E F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`x~E ]Ɋ& !Xx~E F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hx~E ]Ɋ& !Xx~E F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Vah**x~E ]Ɋ&  !x~E F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0aa1b6e1-89fc-41c7-a7a6-99f0b5507628 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineS**x~E ]Ɋ& !x~E F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0aa1b6e1-89fc-41c7-a7a6-99f0b5507628 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8~E ]Ɋ& !X~E F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=am8**P~E ]Ɋ& !X~E F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PP**P~E ]Ɋ& !X~E F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSyP**H~E ]Ɋ& !X~E F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**H~E ]Ɋ& !X~E F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3CH**H~E ]Ɋ& !X~E F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**~E ]Ɋ& !~E F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0c6afcde-3e8a-47e0-bff9-eb79be4091d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**~E ]Ɋ& !~E F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0c6afcde-3e8a-47e0-bff9-eb79be4091d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X~E ]Ɋ& !X~E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p~E ]Ɋ& !X~E F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**h~E ]Ɋ& !X~E F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`~E ]Ɋ& !X~E F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ps`**`~E ]Ɋ& !X~E F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`~E ]Ɋ& !X~E F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q`**~E ]Ɋ& !~E F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=733cafaf-9948-426e-9388-faef62ffedde PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**~E ]Ɋ& !~E F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=733cafaf-9948-426e-9388-faef62ffedde PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(~E ]Ɋ& !X~E F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@~E ]Ɋ& !X~E F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S@**@~E ]Ɋ& !X~E F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=etC@**8~E ]Ɋ& !X~E F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNa8**8~E ]Ɋ& !X~E F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8~E ]Ɋ& !X~E F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**~E ]Ɋ& !~E F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2b7825f6-8b10-4473-984e-8a4895db42ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**GB~E ]Ɋ& !GB~E F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2b7825f6-8b10-4473-984e-8a4895db42ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== riptName=  ]Ɋ& X~E F&X13Cj F&]Ɋ& meXNl> F&e=ElfChnkHHMu=VysMc&&**` ~E ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ?!X~E F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne` **p~E ]Ɋ& !X~E F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p~E ]Ɋ& !X~E F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pelp**h~E ]Ɋ& !X~E F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**h~E ]Ɋ& !X~E F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h~E ]Ɋ& !X~E F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**~E ]Ɋ&  !~E F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=44a130e3-1681-4905-be7e-ed46d76085ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8=~E ]Ɋ& !8=~E F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=44a130e3-1681-4905-be7e-ed46d76085ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**շ~E ]Ɋ& '!Xշ~E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**շ~E ]Ɋ& ?!Xշ~E F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**շ~E ]Ɋ& ;!Xշ~E F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0-b**շ~E ]Ɋ& 3!Xշ~E F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**շ~E ]Ɋ& 3!Xշ~E F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b11**շ~E ]Ɋ& 5!Xշ~E F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**0շ~E ]Ɋ& !շ~E F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=32ab67f1-297b-4fa6-875e-07b0c4d0db13 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ir0**@~E ]Ɋ& !~E F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=32ab67f1-297b-4fa6-875e-07b0c4d0db13 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**VG ]Ɋ& )!XVG F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**VG ]Ɋ& A!XVG F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **VG ]Ɋ& =!XVG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uc**VG ]Ɋ& 5!XVG F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cu**VG ]Ɋ& 5!XVG F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **VG ]Ɋ& 7!XVG F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0VG ]Ɋ& !VG F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77bdc286-2e51-4638-a476-d08bef10dae6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r0**@LG ]Ɋ& !LG F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77bdc286-2e51-4638-a476-d08bef10dae6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi@**XLG ]Ɋ& !XLG F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pLG ]Ɋ& !XLG F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Enp**hLG ]Ɋ& !XLG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`LG ]Ɋ& !XLG F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v`**`LG ]Ɋ& !XLG F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g`**hLG ]Ɋ& !XLG F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovih**G ]Ɋ&  !G F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=048340e7-f8a9-4df7-ad66-6def6a5c6dbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**G ]Ɋ& !G F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=048340e7-f8a9-4df7-ad66-6def6a5c6dbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os**8G ]Ɋ& !XG F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eN8**PG ]Ɋ& !XG F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtP**PG ]Ɋ& !XG F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=roviP**HG ]Ɋ& !XG F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ctioH**HG ]Ɋ& !XG F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iderH**HG ]Ɋ& !XG F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artH**G ]Ɋ& !G F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8c19feb-0a63-4394-bebf-98d1ccc5e895 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **G ]Ɋ& !G F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8c19feb-0a63-4394-bebf-98d1ccc5e895 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**X}G ]Ɋ& !X}G F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p}G ]Ɋ& !X}G F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommap**h}G ]Ɋ& !X}G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**`}G ]Ɋ& !X}G F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m.`**`}G ]Ɋ& !X}G F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`}G ]Ɋ& !X}G F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**}G ]Ɋ& !}G F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7bafb0e2-2cd2-4826-b25e-8ec2fcdd2b93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**}G ]Ɋ& !}G F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7bafb0e2-2cd2-4826-b25e-8ec2fcdd2b93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(}G ]Ɋ& !X}G F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@}G ]Ɋ& !X}G F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @riptName=  ]Ɋ& X}G F&X13Cj F&]Ɋ& meXNl> F&e=ElfChnkPtEbu"Mu=VysMc&&**@ }G ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!X}G F&F%g>9{p(xlMD EventDatauoData !BinarypFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@ **8}G ]Ɋ& !X}G F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=llD8**8}G ]Ɋ& !X}G F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8}G ]Ɋ& !X}G F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**GG ]Ɋ& !GG F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a9ac1a96-562f-4940-8072-c3b8141fdc24 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Re**ݮG ]Ɋ& !ݮG F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a9ac1a96-562f-4940-8072-c3b8141fdc24 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**X G ]Ɋ& !X G F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nX**p G ]Ɋ& !X G F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p G ]Ɋ& !X G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pp**h G ]Ɋ& !X G F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ch**h G ]Ɋ& !X G F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h G ]Ɋ& !X G F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth** G ]Ɋ&  ! G F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b4f9cbb-ec8f-4740-9473-57bd8e774dc3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**xG ]Ɋ& !xG F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b4f9cbb-ec8f-4740-9473-57bd8e774dc3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ix -**xG ]Ɋ& '!XxG F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**xG ]Ɋ& ?!XxG F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**xG ]Ɋ& ;!XxG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4a**xG ]Ɋ& 3!XxG F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****xG ]Ɋ& 3!XxG F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=abe**xG ]Ɋ& 5!XxG F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0xG ]Ɋ& !xG F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=02ac4d71-44cc-4dc0-bf3d-9993ca56e961 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne0**@ΩG ]Ɋ& !ΩG F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=02ac4d71-44cc-4dc0-bf3d-9993ca56e961 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**w=J ]Ɋ& )!Xw=J F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**w=J ]Ɋ& A!Xw=J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId**w=J ]Ɋ& =!Xw=J F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**w=J ]Ɋ& 5!Xw=J F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/**w=J ]Ɋ& 5!Xw=J F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3f**w=J ]Ɋ& 7!Xw=J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**0O=J ]Ɋ& !O=J F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b16024fd-5b39-4d47-8f4d-96071f91b670 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@樢=J ]Ɋ& !樢=J F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b16024fd-5b39-4d47-8f4d-96071f91b670 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=New@**X|A=J ]Ɋ& !X|A=J F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p|A=J ]Ɋ& !X|A=J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h|A=J ]Ɋ& !X|A=J F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mh**`|A=J ]Ɋ& !X|A=J F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`|A=J ]Ɋ& !X|A=J F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**h|A=J ]Ɋ& !X|A=J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPh**|A=J ]Ɋ&  !|A=J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e9a83d34-00a3-4865-954f-834a477e05f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**|A=J ]Ɋ& !|A=J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e9a83d34-00a3-4865-954f-834a477e05f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8|A=J ]Ɋ& !X|A=J F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ue8**P|A=J ]Ɋ& !X|A=J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==SP**P|A=J ]Ɋ& !X|A=J F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPP**H|A=J ]Ɋ& !X|A=J F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==FunH**H|A=J ]Ɋ& !X|A=J F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProvH**H|A=J ]Ɋ& !X|A=J F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eSH**|A=J ]Ɋ& !|A=J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a472f60a-ce3a-405d-860b-baa4730e842e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**ڣ=J ]Ɋ& !ڣ=J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a472f60a-ce3a-405d-860b-baa4730e842e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**Xڣ=J ]Ɋ& !Xڣ=J F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**pڣ=J ]Ɋ& !Xڣ=J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**hڣ=J ]Ɋ& !Xڣ=J F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 h EngineVersi ]Ɋ&  Xڣ=J F&CommandPath= CommandLine= @riptName=  ]Ɋ& X}G F&X13Cj F&]Ɋ& meXNl> F&e=ElfChnk00XV]0bjMu=VysMc&&**hڣ=J ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!Xڣ=J F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sioh**`ڣ=J ]Ɋ& !Xڣ=J F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cu`**`ڣ=J ]Ɋ& !Xڣ=J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@`**ڣ=J ]Ɋ& !ڣ=J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7fd8f18d-6067-4892-aa43-0a77323ff812 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **ڣ=J ]Ɋ& !ڣ=J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7fd8f18d-6067-4892-aa43-0a77323ff812 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**(r=J ]Ɋ& !Xr=J F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@r=J ]Ɋ& !Xr=J F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m@**@r=J ]Ɋ& !Xr=J F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C@**8r=J ]Ɋ& !Xr=J F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8 r=J ]Ɋ& !Xr=J  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8 r=J ]Ɋ& !Xr=J  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE8** r=J ]Ɋ& !r=J  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a7ecf95f-ff98-44e2-b495-0d2903a80c5e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0** @ =J ]Ɋ& !@ =J  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a7ecf95f-ff98-44e2-b495-0d2903a80c5e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**X m<=J ]Ɋ& !Xm<=J  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pm<=J ]Ɋ& !Xm<=J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**pm<=J ]Ɋ& !Xm<=J F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hm<=J ]Ɋ& !Xm<=J F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sth**hm<=J ]Ɋ& !Xm<=J F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Seqh**hm<=J ]Ɋ& !Xm<=J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5dh**m<=J ]Ɋ&  !m<=J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03c9ca52-c024-4b23-b808-d2abc4ac80da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **զ=J ]Ɋ& !զ=J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03c9ca52-c024-4b23-b808-d2abc4ac80da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=base**m=J ]Ɋ& '!Xm=J F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**m=J ]Ɋ& ?!Xm=J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B**m=J ]Ɋ& ;!Xm=J F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eVe**m=J ]Ɋ& 3!Xm=J F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=F**m=J ]Ɋ& 3!Xm=J F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ers**m=J ]Ɋ& 5!Xm=J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**0m=J ]Ɋ& !m=J F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=836efcc1-fe89-4a4b-97ad-cb9576d64057 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1b0**@0=J ]Ɋ& !0=J F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=836efcc1-fe89-4a4b-97ad-cb9576d64057 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed @**YrL ]Ɋ& )!XYrL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**YrL ]Ɋ& A!XYrL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**YrL ]Ɋ& =!XYrL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** YrL ]Ɋ& 5!XYrL  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**!YrL ]Ɋ& 5!XYrL! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**"YrL ]Ɋ& 7!XYrL" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**0#YrL ]Ɋ& !YrL# F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22f395e3-79af-45bc-a313-67beb44bfe12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@$rL ]Ɋ& !rL$ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22f395e3-79af-45bc-a313-67beb44bfe12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==10@**X%I#tL ]Ɋ& !XI#tL% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConX**p&I#tL ]Ɋ& !XI#tL& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVp**h'I#tL ]Ɋ& !XI#tL' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Hh**`(I#tL ]Ɋ& !XI#tL( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**`)I#tL ]Ɋ& !XI#tL) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5`**h*I#tL ]Ɋ& !XI#tL* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ae2ch**+I#tL ]Ɋ&  !I#tL+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a6798c8c-26f5-4371-b9ac-ec8fcd28c73d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=us |**,I#tL ]Ɋ& !I#tL, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a6798c8c-26f5-4371-b9ac-ec8fcd28c73d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sE**8-߻tL ]Ɋ& !X߻tL- F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**P.߻tL ]Ɋ& !X߻tL. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liP**P/߻tL ]Ɋ& !X߻tL/ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c2b7P**H0߻tL ]Ɋ& !X߻tL0 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH]Ɋ& ]Ɋ& l>X߻tL1 ElfChnk1a1aH+]Mu=VysMc&&**H1߻tL ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!X߻tL1 F&F%g>9{p(xlMD EventDatauoData !BinaryvRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mH**H2߻tL ]Ɋ& !X߻tL2 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**3߻tL ]Ɋ& !߻tL3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=005b51a4-ff77-47a7-acb8-672acf41c07e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**4߻tL ]Ɋ& !߻tL4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=005b51a4-ff77-47a7-acb8-672acf41c07e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**X5vTuL ]Ɋ& !XvTuL5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**p6vTuL ]Ɋ& !XvTuL6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**h7vTuL ]Ɋ& !XvTuL7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`8vTuL ]Ɋ& !XvTuL8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`9vTuL ]Ɋ& !XvTuL9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`:vTuL ]Ɋ& !XvTuL: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**;vTuL ]Ɋ& !vTuL; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1f83a1a9-9bcf-4b70-937d-1087fb363420 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**<vTuL ]Ɋ& !vTuL< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1f83a1a9-9bcf-4b70-937d-1087fb363420 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(=vTuL ]Ɋ& !XvTuL= F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c(**@>vTuL ]Ɋ& !XvTuL> F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@?vTuL ]Ɋ& !XvTuL? F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8@vTuL ]Ɋ& !XvTuL@ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8AvTuL ]Ɋ& !XvTuLA F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8BvTuL ]Ɋ& !XvTuLB F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**CvTuL ]Ɋ& !vTuLC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=475a1ecb-f62f-430b-9cc5-d8607193d0e9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **DvL ]Ɋ& !vLD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=475a1ecb-f62f-430b-9cc5-d8607193d0e9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**XEжwL ]Ɋ& !XжwLE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pFжwL ]Ɋ& !XжwLF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pGжwL ]Ɋ& !XжwLG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**hHжwL ]Ɋ& !XжwLH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**hIжwL ]Ɋ& !XжwLI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**hJжwL ]Ɋ& !XжwLJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**KжwL ]Ɋ&  !жwLK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7117981f-d115-4e20-a5ed-ad0f35c92d19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**LfOxL ]Ɋ& !fOxLL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7117981f-d115-4e20-a5ed-ad0f35c92d19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**MfOxL ]Ɋ& '!XfOxLM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **NfOxL ]Ɋ& ?!XfOxLN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**OfOxL ]Ɋ& ;!XfOxLO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**PfOxL ]Ɋ& 3!XfOxLP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **QfOxL ]Ɋ& 3!XfOxLQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**RfOxL ]Ɋ& 5!XfOxLR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0SfOxL ]Ɋ& !fOxLS F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0aebe366-13d9-479d-a448-cf01276fabaf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@TyL ]Ɋ& !yLT F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0aebe366-13d9-479d-a448-cf01276fabaf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-67b@**UwN ]Ɋ& )!XwNU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**VwN ]Ɋ& A!XwNV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**WwN ]Ɋ& =!XwNW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a3**XwN ]Ɋ& 5!XwNX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**YwN ]Ɋ& 5!XwNY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**ZwN ]Ɋ& 7!XwNZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I**0[wN ]Ɋ& !wN[ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f5d121bd-9687-4ce0-a16e-a7c509d9db40 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@\,N ]Ɋ& !,N\ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f5d121bd-9687-4ce0-a16e-a7c509d9db40 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**X],N ]Ɋ& !X,N] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**p^,N ]Ɋ& !X,N^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h_,N ]Ɋ& !X,N_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**``,N ]Ɋ& !X,N` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`a,N ]Ɋ& !X,Na F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==` FH] ]Ɋ& X,Nb F& ElfChnkbbUKCMu=VysMc&&**hb,N ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! I!X,Nb F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**c,N ]Ɋ&  !,Nc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=66138bef-09b1-4ca2-aba6-9db66cb8b1f4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=߸**dAN ]Ɋ& !ANd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=66138bef-09b1-4ca2-aba6-9db66cb8b1f4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8eAN ]Ɋ& !XANe F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PfAN ]Ɋ& !XANf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PgAN ]Ɋ& !XANg F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&P**HhAN ]Ɋ& !XANh F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**HiAN ]Ɋ& !XANi F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLinH**HjAN ]Ɋ& !XANj F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= H**kAN ]Ɋ& !ANk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77673425-35d9-499f-8e8a-a7b16b8da475 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;**lAN ]Ɋ& !ANl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77673425-35d9-499f-8e8a-a7b16b8da475 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XmAN ]Ɋ& !XANm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TypeX**pnAN ]Ɋ& !XANn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| sep**hoAN ]Ɋ& !XANo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`pAN ]Ɋ& !XANp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l `**`qAN ]Ɋ& !XANq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na`**`rAN ]Ɋ& !XANr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**sYڏN ]Ɋ& !YڏNs F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=426dc57a-748a-4d24-ad53-827fd07dfada PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**tYڏN ]Ɋ& !YڏNt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=426dc57a-748a-4d24-ad53-827fd07dfada PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptN**(uYڏN ]Ɋ& !XYڏNu F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p(**@vYڏN ]Ɋ& !XYڏNv F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**@wYڏN ]Ɋ& !XYڏNw F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e($@**8xYڏN ]Ɋ& !XYڏNx F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8yYڏN ]Ɋ& !XYڏNy F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stI8**8zYڏN ]Ɋ& !XYڏNz F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**{YڏN ]Ɋ& !YڏN{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=abaca036-4d26-4845-8edf-47014a7578f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=an**|rN ]Ɋ& !rN| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=abaca036-4d26-4845-8edf-47014a7578f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**X}9{p(xlMD EventDatauoData !BinarydAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=31051706-5f5a-4df1-a2df-54ada9fba379 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a215088b-9638-434d-8395-8f12baf83eef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP8**@4XQ ]Ɋ& !4XQ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=31051706-5f5a-4df1-a2df-54ada9fba379 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a215088b-9638-434d-8395-8f12baf83eef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI@**X4XQ ]Ɋ& !X4XQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspX**p4XQ ]Ɋ& !X4XQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**h4XQ ]Ɋ& !X4XQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ih**`4XQ ]Ɋ& !X4XQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l`**`4XQ ]Ɋ& !X4XQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**h4XQ ]Ɋ& !X4XQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Commh**4XQ ]Ɋ&  !4XQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=74c6623a-745f-4e4c-b8b9-8415cd2d86f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**7A5XQ ]Ɋ& !7A5XQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=74c6623a-745f-4e4c-b8b9-8415cd2d86f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**87A5XQ ]Ɋ& !X7A5XQ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me8**P7A5XQ ]Ɋ& !X7A5XQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amP**P7A5XQ ]Ɋ& !X7A5XQ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=andTP**H7A5XQ ]Ɋ& !X7A5XQ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaH**H7A5XQ ]Ɋ& !X7A5XQ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=elinH**H7A5XQ ]Ɋ& !X7A5XQ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIH**7A5XQ ]Ɋ& !7A5XQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=43c51f67-808b-47b0-976f-32b075e06634 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndN**5XQ ]Ɋ& !5XQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=43c51f67-808b-47b0-976f-32b075e06634 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X5XQ ]Ɋ& !X5XQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==426X**p5XQ ]Ɋ& !X5XQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**h5XQ ]Ɋ& !X5XQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=seh**`5XQ ]Ɋ& !X5XQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0`**`5XQ ]Ɋ& !X5XQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov`**`5XQ ]Ɋ& !X5XQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**5XQ ]Ɋ& !5XQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae39f000-fbd6-40c4-bad8-009733c715ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**5XQ ]Ɋ& !5XQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae39f000-fbd6-40c4-bad8-009733c715ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ine**(dr6XQ ]Ɋ& !Xdr6XQ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@dr6XQ ]Ɋ& !Xdr6XQ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o@**@dr6XQ ]Ɋ& !Xdr6XQ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=spl@**8dr6XQ ]Ɋ& !Xdr6XQ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tur8**8dr6XQ ]Ɋ& !Xdr6XQ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta8**8dr6XQ ]Ɋ& !Xdr6XQ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**dr6XQ ]Ɋ& !dr6XQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=64b67c2c-64da-43ad-b485-a14d19e2d9cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru** 7XQ ]Ɋ& ! 7XQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=64b67c2c-64da-43ad-b485-a14d19e2d9cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion.**X(<8XQ ]Ɋ& !X(<8XQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aX**p(<8XQ ]Ɋ& !X(<8XQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=zp**p(<8XQ ]Ɋ& !X(<8XQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tiep**h(<8XQ ]Ɋ& !X(<8XQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInh**h(<8XQ ]Ɋ& !X(<8XQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sorh**h(<8XQ ]Ɋ& !X(<8XQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**(<8XQ ]Ɋ&  !(<8XQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fa8314c8-51f5-460f-8ed0-22fa7795adb0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8XQ ]Ɋ& !8XQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fa8314c8-51f5-460f-8ed0-22fa7795adb0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Var**8XQ ]Ɋ& '!X8XQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**8XQ ]Ɋ& ?!X8XQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8XQ ]Ɋ& ;!X8XQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8XQ ]Ɋ& 3!X8XQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wer**8XQ ]Ɋ& 3!X8XQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8XQ ]Ɋ& 5!X8XQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-tFirewallPro ]Ɋ& 358XQ F&d= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**tw3XQ ]Ɋ& 7!Xtw3XQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=31051706-5f5a-4df1-a2df-54ada9fba379 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkHDV*";Mu=VysMc&&**8 8XQ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !8XQ F&F%g>9{p(xlMD EventDatauoData !BinarybAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0bc1672d-e9c5-4883-8854-4f1647ba96ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6-58 **@:XQ ]Ɋ& !:XQ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0bc1672d-e9c5-4883-8854-4f1647ba96ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Scri@**qdS ]Ɋ& )!XqdS F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**qdS ]Ɋ& A!XqdS F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uct **qdS ]Ɋ& =!XqdS F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **qdS ]Ɋ& 5!XqdS F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=41**qdS ]Ɋ& 5!XqdS F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**qdS ]Ɋ& 7!XqdS F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0qdS ]Ɋ& !qdS F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=336ba9a6-4717-4c52-b51e-5eb2bfa6e026 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@S ]Ɋ& !S F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=336ba9a6-4717-4c52-b51e-5eb2bfa6e026 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Lin@**XS ]Ɋ& !XS F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pS ]Ɋ& !XS F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hS ]Ɋ& !XS F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`S ]Ɋ& !XS F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`S ]Ɋ& !XS F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hS ]Ɋ& !XS F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5XQh**S ]Ɋ&  !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f708a08d-1b07-4124-a9a2-bcac529988ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**S ]Ɋ& !S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f708a08d-1b07-4124-a9a2-bcac529988ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ar**84.S ]Ɋ& !X4.S F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P4.S ]Ɋ& !X4.S F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P4.S ]Ɋ& !X4.S F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!P**H4.S ]Ɋ& !X4.S F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H4.S ]Ɋ& !X4.S F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H4.S ]Ɋ& !X4.S F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**4.S ]Ɋ& !4.S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a812e812-9c3b-461c-8c3e-73e073cc2604 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4.S ]Ɋ& !4.S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a812e812-9c3b-461c-8c3e-73e073cc2604 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**X4.S ]Ɋ& !X4.S F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p4.S ]Ɋ& !X4.S F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureIp**h4.S ]Ɋ& !X4.S F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`4.S ]Ɋ& !X4.S F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6d`**`4.S ]Ɋ& !X4.S F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr`**`4.S ]Ɋ& !X4.S F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**4.S ]Ɋ& !4.S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=051fe4b6-9932-40fa-bad7-c14fef5b1859 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**S ]Ɋ& !S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=051fe4b6-9932-40fa-bad7-c14fef5b1859 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= R**(S ]Ɋ& !XS F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l(**@S ]Ɋ& !XS F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p@**@S ]Ɋ& !XS F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=KLM@**8S ]Ɋ& !XS F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc8**8S ]Ɋ& !XS F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8S ]Ɋ& !XS F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=558**S ]Ɋ& !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d19bead4-618f-4b74-8b43-dab8aa80485b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']**a_S ]Ɋ& !a_S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d19bead4-618f-4b74-8b43-dab8aa80485b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNam**XS ]Ɋ& !XS F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=DX**pS ]Ɋ& !XS F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pS ]Ɋ& !XS F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n,Hp**hS ]Ɋ& !XS F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_.ph**hS ]Ɋ& !XS F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culh**hS ]Ɋ& !XS F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sh**S ]Ɋ&  !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c1ad381d-6ad2-4bd9-ab00-5ecc2b8c167e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**%)S ]Ɋ& !%)S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c1ad381d-6ad2-4bd9-ab00-5ecc2b8c167e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=358XQ ]Ɋ&  CX%)S F&ommandPath= CommandLine=wP**tw3XQ ]Ɋ& 7!Xtw3XQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=31051706-5f5a-4df1-a2df-54ada9fba379 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk''( NBJMu=VysMc&&** %)S ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X%)S F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **%)S ]Ɋ& ?!X%)S F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**%)S ]Ɋ& ;!X%)S F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **%)S ]Ɋ& 3!X%)S F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**%)S ]Ɋ& 3!X%)S F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**%)S ]Ɋ& 5!X%)S F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**0%)S ]Ɋ& !%)S F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8f048b3e-420b-4f9f-9549-51f764930b41 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==10**@RZS ]Ɋ& !RZS F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8f048b3e-420b-4f9f-9549-51f764930b41 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= @**7V ]Ɋ& )!X7V F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**7V ]Ɋ& A!X7V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsta**7V ]Ɋ& =!X7V F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=47**7V ]Ɋ& 5!X7V F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**7V ]Ɋ& 5!X7V F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**7V ]Ɋ& 7!X7V F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**07V ]Ɋ& !7V F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f2f6054d-5af4-44e3-9a15-efdd3b07d8ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0**@hV ]Ɋ& !hV F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f2f6054d-5af4-44e3-9a15-efdd3b07d8ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**XhV ]Ɋ& !XhV F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**phV ]Ɋ& !XhV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**hhV ]Ɋ& !XhV F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`hV ]Ɋ& !XhV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**` hV ]Ɋ& !XhV  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h hV ]Ɋ& !XhV  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.h** hV ]Ɋ&  !hV  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91795ead-72e6-49ec-ae61-8a0e35e3cc6a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** nV ]Ɋ& !nV  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91795ead-72e6-49ec-ae61-8a0e35e3cc6a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8 nV ]Ɋ& !XnV  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PnV ]Ɋ& !XnV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.P**PnV ]Ɋ& !XnV F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stP**HnV ]Ɋ& !XnV F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**HnV ]Ɋ& !XnV F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**HnV ]Ɋ& !XnV F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ameH**nV ]Ɋ& !nV F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7e7ec1a6-bda8-4777-ac38-c8ce3d414bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **nV ]Ɋ& !nV F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7e7ec1a6-bda8-4777-ac38-c8ce3d414bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XnV ]Ɋ& !XnV F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortX**pnV ]Ɋ& !XnV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=se.pp**hnV ]Ɋ& !XnV F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cah**`nV ]Ɋ& !XnV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`nV ]Ɋ& !XnV F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`nV ]Ɋ& !XnV F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**nV ]Ɋ& !nV F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a0c2932a-898a-421a-9014-ee649ee0a5d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R**V ]Ɋ& !V F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a0c2932a-898a-421a-9014-ee649ee0a5d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obj**(V ]Ɋ& !XV F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@V ]Ɋ& !XV F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@V ]Ɋ& !XV F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7be@**8 V ]Ɋ& !XV  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8!V ]Ɋ& !XV! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tNa8**8"V ]Ɋ& !XV" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge8**#V ]Ɋ& !V# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ab7315ff-d568-46d1-a6c9-c3ae45c24288 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=al**$2V ]Ɋ& !2V$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ab7315ff-d568-46d1-a6c9-c3ae45c24288 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=432N**X%cV ]Ɋ& !XcV% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EX**p&cV ]Ɋ& !XcV& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**p'cV ]Ɋ& !XcV' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=pnsoleHost  ]Ɋ& f-XcV( F&n=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk(Z(Z9}!bMu=VysMc&&**h (cV ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!XcV( F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **h)cV ]Ɋ& !XcV) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**h*cV ]Ɋ& !XcV* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Ch**+cV ]Ɋ&  !cV+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b910671-2733-40d4-a4e3-379578c792a9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**,_V ]Ɋ& !_V, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b910671-2733-40d4-a4e3-379578c792a9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Inst**-_V ]Ɋ& '!X_V- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=,**._V ]Ɋ& ?!X_V. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**/_V ]Ɋ& ;!X_V/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nab**0_V ]Ɋ& 3!X_V0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**1_V ]Ɋ& 3!X_V1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ble**2_V ]Ɋ& 5!X_V2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ab**03V ]Ɋ& !V3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a12b5fa0-2b78-4259-bf0f-39c0e45a3a94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns0**@4-V ]Ɋ& !-V4 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a12b5fa0-2b78-4259-bf0f-39c0e45a3a94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vide@**5ѫjX ]Ɋ& )!XѫjX5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**6ѫjX ]Ɋ& A!XѫjX6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**7ѫjX ]Ɋ& =!XѫjX7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**8ѫjX ]Ɋ& 5!XѫjX8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g **9ѫjX ]Ɋ& 5!XѫjX9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na**:ѫjX ]Ɋ& 7!XѫjX: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0;jjX ]Ɋ& !jjX; F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=72653556-4b64-4578-b448-75eff7716c77 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=90**@<jX ]Ɋ& !jX< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=72653556-4b64-4578-b448-75eff7716c77 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C@**X=jX ]Ɋ& !XjX= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artX**p>jX ]Ɋ& !XjX> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceNp**h?jX ]Ɋ& !XjX? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`@jX ]Ɋ& !XjX@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**`AjX ]Ɋ& !XjXA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s`**hBjX ]Ɋ& !XjXB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 h**CjX ]Ɋ&  !jXC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ad1a8e55-6335-45f9-a6d4-2cdd65867266 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ppli**DjX ]Ɋ& !jXD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ad1a8e55-6335-45f9-a6d4-2cdd65867266 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**8EjX ]Ɋ& !XjXE F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f-8**PFjX ]Ɋ& !XjXF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=baP**PGjX ]Ɋ& !XjXG F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HP**HHjX ]Ɋ& !XjXH F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tVerH**HIjX ]Ɋ& !XjXI F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leHoH**HJjX ]Ɋ& !XjXJ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stNH**KjX ]Ɋ& !jXK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=50b0f956-0fa4-4596-b9d0-51f34ccfe7cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsi**LC4jX ]Ɋ& !C4jXL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=50b0f956-0fa4-4596-b9d0-51f34ccfe7cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**XMC4jX ]Ɋ& !XC4jXM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SX**pNC4jX ]Ɋ& !XC4jXN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hOC4jX ]Ɋ& !XC4jXO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**`PC4jX ]Ɋ& !XC4jXP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`QC4jX ]Ɋ& !XC4jXQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll`**`RC4jX ]Ɋ& !XC4jXR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**SC4jX ]Ɋ& !C4jXS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5da3da71-68c2-4bab-93e4-a85bd906094a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**TC4jX ]Ɋ& !C4jXT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5da3da71-68c2-4bab-93e4-a85bd906094a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uen**(U̮jX ]Ɋ& !X̮jXU F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t(**@V̮jX ]Ɋ& !X̮jXV F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@W̮jX ]Ɋ& !X̮jXW F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**8X̮jX ]Ɋ& !X̮jXX F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liz8**8Y̮jX ]Ɋ& !X̮jXY F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin8**8Z̮jX ]Ɋ& !X̮jXZ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8F& ElfChnk[[@Da7Mu=VysMc&&** [̮jX ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! m!̮jX[ F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=26d69bfb-6777-46cc-9105-14bcefca5bfd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sio **\pejX ]Ɋ& !pejX\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=26d69bfb-6777-46cc-9105-14bcefca5bfd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izat**X]jX ]Ɋ& !XjX] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**p^jX ]Ɋ& !XjX^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bp**p_jX ]Ɋ& !XjX_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=opep**h`jX ]Ɋ& !XjX` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ltuh**hajX ]Ɋ& !XjXa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**hbjX ]Ɋ& !XjXb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Idh**cjX ]Ɋ&  !jXc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0dc7521e-d9e0-4648-853b-83aa6767b0c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_θ**d4/jX ]Ɋ& !4/jXd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0dc7521e-d9e0-4648-853b-83aa6767b0c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**e4/jX ]Ɋ& '!X4/jXe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**f4/jX ]Ɋ& ?!X4/jXf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**g4/jX ]Ɋ& ;!X4/jXg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**h4/jX ]Ɋ& 3!X4/jXh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**i4/jX ]Ɋ& 3!X4/jXi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**j4/jX ]Ɋ& 5!X4/jXj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0k4/jX ]Ɋ& !4/jXk F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=6f59ea3a-7509-4766-a1bd-1708571cf972 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la0**@la`jX ]Ɋ& !a`jXl F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=6f59ea3a-7509-4766-a1bd-1708571cf972 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng -@**mv:Z ]Ɋ& )!Xv:Zm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**nv:Z ]Ɋ& A!Xv:Zn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=24-8**ov:Z ]Ɋ& =!Xv:Zo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**pv:Z ]Ɋ& 5!Xv:Zp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**qv:Z ]Ɋ& 5!Xv:Zq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**rv:Z ]Ɋ& 7!Xv:Zr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**0sv:Z ]Ɋ& !v:Zs F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a2c9545f-4871-4399-bfde-065c1cb504a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@t;Z ]Ɋ& !;Zt F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a2c9545f-4871-4399-bfde-065c1cb504a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pel@**Xu;Z ]Ɋ& !X;Zu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3f5778cd-5c00-48ed-822e-ea81aec45762 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RX**pv;Z ]Ɋ& !X;Zv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3f5778cd-5c00-48ed-822e-ea81aec45762 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersp**hw;Z ]Ɋ& !X;Zw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3f5778cd-5c00-48ed-822e-ea81aec45762 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ph**`x;Z ]Ɋ& !X;Zx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3f5778cd-5c00-48ed-822e-ea81aec45762 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**`y;Z ]Ɋ& !X;Zy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3f5778cd-5c00-48ed-822e-ea81aec45762 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hz;Z ]Ɋ& !X;Zz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3f5778cd-5c00-48ed-822e-ea81aec45762 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**{;Z ]Ɋ&  !;Z{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3f5778cd-5c00-48ed-822e-ea81aec45762 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27c30b91-5164-4f08-a2cc-ed66a7313df7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**|:P9{p(xlMD EventDatauoData !Binary\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0 **@g=Z ]Ɋ& !Xg=Z F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P@**@g=Z ]Ɋ& !Xg=Z F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lue@**8g=Z ]Ɋ& !Xg=Z F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndo8**8g=Z ]Ɋ& !Xg=Z F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4 8**8g=Z ]Ɋ& !Xg=Z F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er8**g=Z ]Ɋ& !g=Z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=fc71f5bd-5156-433e-89a1-ed02c1008903 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**>Z ]Ɋ& !>Z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=fc71f5bd-5156-433e-89a1-ed02c1008903 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **X?Z ]Ɋ& !X?Z F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pX**p?Z ]Ɋ& !X?Z F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**p?Z ]Ɋ& !X?Z F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rinp**h?Z ]Ɋ& !X?Z F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h?Z ]Ɋ& !X?Z F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipth**h?Z ]Ɋ& !X?Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**?Z ]Ɋ&  !?Z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd8c960e-0a0c-4a6c-bdb8-1cce04a5e04f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eg**W|@Z ]Ɋ& !W|@Z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd8c960e-0a0c-4a6c-bdb8-1cce04a5e04f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=914-**W|@Z ]Ɋ& '!XW|@Z F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**W|@Z ]Ɋ& ?!XW|@Z F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**W|@Z ]Ɋ& ;!XW|@Z F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **W|@Z ]Ɋ& 3!XW|@Z F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**W|@Z ]Ɋ& 3!XW|@Z F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **W|@Z ]Ɋ& 5!XW|@Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0W|@Z ]Ɋ& !W|@Z F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a09de0e0-3a4d-409d-a8ab-c57e306018c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si0**@AZ ]Ɋ& !AZ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a09de0e0-3a4d-409d-a8ab-c57e306018c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**"] ]Ɋ& )!X"] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**"] ]Ɋ& A!X"] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**"] ]Ɋ& =!X"] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mI**"] ]Ɋ& 5!X"] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-5**"] ]Ɋ& 5!X"] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**"] ]Ɋ& 7!X"] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**0"] ]Ɋ& !"] F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2b5f72a1-a453-4ab0-aa04-9d420bab2a44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@S] ]Ɋ& !S] F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2b5f72a1-a453-4ab0-aa04-9d420bab2a44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XS] ]Ɋ& !XS] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= X**pS] ]Ɋ& !XS] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=~p**hS] ]Ɋ& !XS] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`S] ]Ɋ& !XS] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`S] ]Ɋ& !XS] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hS] ]Ɋ& !XS] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**S] ]Ɋ&  !S] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ebad93eb-eda0-4dec-a0de-e106c9f21e4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=None**] ]Ɋ& !] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ebad93eb-eda0-4dec-a0de-e106c9f21e4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**8] ]Ɋ& !X] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P] ]Ɋ& !X] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P] ]Ɋ& !X] F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H] ]Ɋ& !X] F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H] ]Ɋ& !X] F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H] ]Ɋ& !X] F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**] ]Ɋ& !] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2ce62ca9-b04b-441d-a935-a8c68384e9a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**] ]Ɋ& !] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2ce62ca9-b04b-441d-a935-a8c68384e9a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X%] ]Ɋ& !X%] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mandXne= En ]Ɋ& X%] F& F&ndPath= CommandLine=8F& ElfChnk@vX ѤMu=VysMc&&**p%] ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! Q!X%] F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ip**h%] ]Ɋ& !X%] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o]h**`%] ]Ɋ& !X%] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st`**`%] ]Ɋ& !X%] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=97`**`%] ]Ɋ& !X%] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**%] ]Ɋ& !%] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b8504b3b-8519-48b5-9ada-d00a7f0b738f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**%] ]Ɋ& !%] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b8504b3b-8519-48b5-9ada-d00a7f0b738f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(%] ]Ɋ& !X%] F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N(**@%] ]Ɋ& !X%] F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I@**@%] ]Ɋ& !X%] F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sys@**8%] ]Ɋ& !X%] F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8%] ]Ɋ& !X%] F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=App8**8%] ]Ɋ& !X%] F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=un8**%] ]Ɋ& !%] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f8460eb2-2f81-4e91-892e-e60bf3e40d7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**] ]Ɋ& !] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f8460eb2-2f81-4e91-892e-e60bf3e40d7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**XN] ]Ɋ& !XN] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pN] ]Ɋ& !XN] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**pN] ]Ɋ& !XN] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthp**hN] ]Ɋ& !XN] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**hN] ]Ɋ& !XN] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hN] ]Ɋ& !XN] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**N] ]Ɋ&  !N] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4fd09fab-bc89-4290-899f-35794fd1c9b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **] ]Ɋ& !] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4fd09fab-bc89-4290-899f-35794fd1c9b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4e4**] ]Ɋ& '!X] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5**] ]Ɋ& ?!X] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**] ]Ɋ& ;!X] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=que**] ]Ɋ& 3!X] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**] ]Ɋ& 3!X] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**] ]Ɋ& 5!X] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0] ]Ɋ& !] F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=86f60cfb-ce04-4671-8865-499d5bc93ef1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@] ]Ɋ& !] F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=86f60cfb-ce04-4671-8865-499d5bc93ef1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== @**>}_ ]Ɋ& )!X>}_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersi**>}_ ]Ɋ& A!X>}_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**>}_ ]Ɋ& =!X>}_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **>}_ ]Ɋ& 5!X>}_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=97**>}_ ]Ɋ& 5!X>}_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**>}_ ]Ɋ& 7!X>}_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0>}_ ]Ɋ& !>}_ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=52172c18-286d-44ae-bacb-52f9be58f6b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v0**@0@}_ ]Ɋ& !0@}_ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=52172c18-286d-44ae-bacb-52f9be58f6b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X@}_ ]Ɋ& !X@}_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p@}_ ]Ɋ& !X@}_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h@}_ ]Ɋ& !X@}_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`@}_ ]Ɋ& !X@}_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`@}_ ]Ɋ& !X@}_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h@}_ ]Ɋ& !X@}_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**@}_ ]Ɋ&  !@}_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=92ed80ac-c0b0-4ef3-b563-66de029fa6e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wEng**@}_ ]Ɋ& !@}_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=92ed80ac-c0b0-4ef3-b563-66de029fa6e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **8-aA}_ ]Ɋ& !X-aA}_ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**P-aA}_ ]Ɋ& !X-aA}_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PF& F&ndPath= CommandLine=8F& ElfChnk 7N WMu=VysMc&&**P-aA}_ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! 1!X-aA}_ F&F%g>9{p(xlMD EventDatauoData !Binary~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CP**H-aA}_ ]Ɋ& !X-aA}_ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H-aA}_ ]Ɋ& !X-aA}_ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ScrH**H-aA}_ ]Ɋ& !X-aA}_ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manH**-aA}_ ]Ɋ& !-aA}_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=59245d17-1112-478e-b20a-7cab2bfe3bc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**-aA}_ ]Ɋ& !-aA}_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=59245d17-1112-478e-b20a-7cab2bfe3bc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**XA}_ ]Ɋ& !XA}_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PipeX**pA}_ ]Ɋ& !XA}_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**hA}_ ]Ɋ& !XA}_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:Ph**`A}_ ]Ɋ& !XA}_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1e`**`A}_ ]Ɋ& !XA}_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta`**`A}_ ]Ɋ& !XA}_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**A}_ ]Ɋ& !A}_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5a859434-fda5-4f86-aee8-ed0b5e200af1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**A}_ ]Ɋ& !A}_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5a859434-fda5-4f86-aee8-ed0b5e200af1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**(ZB}_ ]Ɋ& !XZB}_ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@ZB}_ ]Ɋ& !XZB}_ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@ZB}_ ]Ɋ& !XZB}_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l='@**8ZB}_ ]Ɋ& !XZB}_ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Win8**8ZB}_ ]Ɋ& !XZB}_ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C8**8ZB}_ ]Ɋ& !XZB}_ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**ZB}_ ]Ɋ& !ZB}_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b34afee6-866c-4c34-96e3-f57d46bc0776 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ***C}_ ]Ɋ& !*C}_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b34afee6-866c-4c34-96e3-f57d46bc0776 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=)))}**XD}_ ]Ɋ& !XD}_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pD}_ ]Ɋ& !XD}_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**pD}_ ]Ɋ& !XD}_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=balp**hD}_ ]Ɋ& !XD}_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-Sh**h D}_ ]Ɋ& !XD}_  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**h D}_ ]Ɋ& !XD}_  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh** D}_ ]Ɋ&  !D}_  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1fd11adb-4625-4bf0-b65c-782b1aad2501 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** KE}_ ]Ɋ& !KE}_  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1fd11adb-4625-4bf0-b65c-782b1aad2501 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Seq** %F}_ ]Ɋ& '!X%F}_  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**%F}_ ]Ɋ& ?!X%F}_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**%F}_ ]Ɋ& ;!X%F}_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**%F}_ ]Ɋ& 3!X%F}_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, **%F}_ ]Ɋ& 3!X%F}_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**%F}_ ]Ɋ& 5!X%F}_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| **0%F}_ ]Ɋ& !%F}_ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=cee6f6fd-eda1-4eeb-b5a9-c8fecb4a6daa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ou0**@xF}_ ]Ɋ& !xF}_ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=cee6f6fd-eda1-4eeb-b5a9-c8fecb4a6daa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId@**a ]Ɋ& )!Xa F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**a ]Ɋ& A!Xa F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=shel**a ]Ɋ& =!Xa F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**a ]Ɋ& 5!Xa F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**a ]Ɋ& 5!Xa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**a ]Ɋ& 7!Xa F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0Aa ]Ɋ& !Aa F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d261511-6aed-4046-8e4b-e09094a221ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@Aa ]Ɋ& !Aa F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d261511-6aed-4046-8e4b-e09094a221ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rip@**XAa ]Ɋ& !XAa F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fa6X**pAa ]Ɋ& !XAa F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNap**hAa ]Ɋ& !XAa F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XAa  F&dLine=8F& ElfChnk O O(2\J#1Mu=VysMc&&**h Aa ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!XAa  F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-aAh**`!Aa ]Ɋ& !XAa! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h"Aa ]Ɋ& !XAa" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**#Aa ]Ɋ&  !Aa# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70a58388-00c8-4e8b-ba32-c36c25c78658 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$na ]Ɋ& !na$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70a58388-00c8-4e8b-ba32-c36c25c78658 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**8%na ]Ɋ& !Xna% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P&na ]Ɋ& !Xna& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P'na ]Ɋ& !Xna' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H(na ]Ɋ& !Xna( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H)na ]Ɋ& !Xna) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_H**H*na ]Ɋ& !Xna* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**+na ]Ɋ& !na+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=db330a59-ebc4-4bf0-94fb-29588ec9d6d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,na ]Ɋ& !na, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=db330a59-ebc4-4bf0-94fb-29588ec9d6d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X-sa ]Ɋ& !Xsa- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanX**p.sa ]Ɋ& !Xsa. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ep**h/sa ]Ɋ& !Xsa/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Glh**`0sa ]Ɋ& !Xsa0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`1sa ]Ɋ& !Xsa1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`2sa ]Ɋ& !Xsa2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**3sa ]Ɋ& !sa3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37bcb67d-8f45-41d5-93e9-3a7bb694f314 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4sa ]Ɋ& !sa4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37bcb67d-8f45-41d5-93e9-3a7bb694f314 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**(5sa ]Ɋ& !Xsa5 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@6sa ]Ɋ& !Xsa6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@**@7sa ]Ɋ& !Xsa7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ins@**88sa ]Ɋ& !Xsa8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ode8**89sa ]Ɋ& !Xsa9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8758**8:sa ]Ɋ& !Xsa: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S8**;sa ]Ɋ& !sa; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6964d0ad-0ca2-4d6f-8eee-a1ce192c650b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**<2a ]Ɋ& !2a< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6964d0ad-0ca2-4d6f-8eee-a1ce192c650b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **X=_a ]Ɋ& !X_a= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p>_a ]Ɋ& !X_a> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p?_a ]Ɋ& !X_a? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tedp**h@_a ]Ɋ& !X_a@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**hA_a ]Ɋ& !X_aA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**hB_a ]Ɋ& !X_aB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**C_a ]Ɋ&  !_aC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fcbee28b-bea2-4945-895a-3df8c3bdff30 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Dma ]Ɋ& !maD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fcbee28b-bea2-4945-895a-3df8c3bdff30 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 **Ema ]Ɋ& '!XmaE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**Fma ]Ɋ& ?!XmaF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**Gma ]Ɋ& ;!XmaG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**Hma ]Ɋ& 3!XmaH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pac**Ima ]Ɋ& 3!XmaI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS**Jma ]Ɋ& 5!XmaJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**0Kma ]Ɋ& !maK F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3eb33533-5a9b-4ac4-a7e6-5b452f099545 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@L"a ]Ɋ& !"aL F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3eb33533-5a9b-4ac4-a7e6-5b452f099545 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman@**M+d ]Ɋ& )!X+dM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w**N+d ]Ɋ& A!X+dN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**O+d ]Ɋ& =!X+dO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNX+dP F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XAa  F&dLine=8F& ElfChnkPPp)&AI3Mu=VysMc&&**P+d ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X+dP F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **Q+d ]Ɋ& 5!X+dQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 6**R+d ]Ɋ& 7!X+dR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0S+d ]Ɋ& !+dS F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cf0291b4-e431-458b-b01d-12d21ad80408 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@T+d ]Ɋ& !+dT F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cf0291b4-e431-458b-b01d-12d21ad80408 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1e2@**XU+d ]Ɋ& !X+dU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=HosX**pV+d ]Ɋ& !X+dV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ef4p**hW+d ]Ɋ& !X+dW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4h**`X+d ]Ɋ& !X+dX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`Y+d ]Ɋ& !X+dY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hZ+d ]Ɋ& !X+dZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hellh**[+d ]Ɋ&  !+d[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=175ce887-ed97-4d58-8bb1-f5dcde875401 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rusS**\o+d ]Ɋ& !o+d\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=175ce887-ed97-4d58-8bb1-f5dcde875401 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**8]o+d ]Ɋ& !Xo+d] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t\8**P^o+d ]Ɋ& !Xo+d^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t P**P_o+d ]Ɋ& !Xo+d_ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ell P**H`o+d ]Ɋ& !Xo+d` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tionH**Hao+d ]Ɋ& !Xo+da F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**Hbo+d ]Ɋ& !Xo+db F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4b1H**co+d ]Ɋ& !o+dc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=60fd8e84-d973-40ef-9c4f-278525c014f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**do+d ]Ɋ& !o+dd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=60fd8e84-d973-40ef-9c4f-278525c014f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**Xe+d ]Ɋ& !X+de F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e901X**pf+d ]Ɋ& !X+df F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent p**hg+d ]Ɋ& !X+dg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`h+d ]Ɋ& !X+dh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co`**`i+d ]Ɋ& !X+di F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`j+d ]Ɋ& !X+dj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:`**k+d ]Ɋ& !+dk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48ea3303-b984-42e5-9f5c-4bd7e9337579 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**l+d ]Ɋ& !+dl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48ea3303-b984-42e5-9f5c-4bd7e9337579 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=22c**(m+d ]Ɋ& !X+dm F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@n+d ]Ɋ& !X+dn F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t@**@o+d ]Ɋ& !X+do F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8p+d ]Ɋ& !X+dp F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Str8**8q+d ]Ɋ& !X+dq F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=';e8**8r+d ]Ɋ& !X+dr F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io8**s+d ]Ɋ& !+ds F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e6df2b97-e6e0-4945-ae0e-bfeecfa459b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=00**tD9+d ]Ɋ& !D9+dt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e6df2b97-e6e0-4945-ae0e-bfeecfa459b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**Xu+d ]Ɋ& !X+du F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uX**pv+d ]Ɋ& !X+dv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**pw+d ]Ɋ& !X+dw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hx+d ]Ɋ& !X+dx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt h**hy+d ]Ɋ& !X+dy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsoh**hz+d ]Ɋ& !X+dz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b1h**{+d ]Ɋ&  !+d{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=55929b16-4e7d-4df6-bcff-1435af856f53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**|+d ]Ɋ& !+d| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=55929b16-4e7d-4df6-bcff-1435af856f53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alue**}+d ]Ɋ& '!X+d} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**~+d ]Ɋ& ?!X+d~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**+d ]Ɋ& ;!X+d F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**+d ]Ɋ& 3!X+d F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Staed Seque ]Ɋ& ioX+d F&4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNX+dP F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XAa  F&dLine=8F& ElfChnkHHrK5)Mu=VysMc&&** +d ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X+d F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **+d ]Ɋ& 5!X+d F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0+d ]Ɋ& !+d F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e7725b07-094f-45b5-892b-057f779ee8a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=450**@44+d ]Ɋ& !44+d F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e7725b07-094f-45b5-892b-057f779ee8a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co@**f ]Ɋ& )!Xf F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **f ]Ɋ& A!Xf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=play**f ]Ɋ& =!Xf F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= r**f ]Ɋ& 5!Xf F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5a**f ]Ɋ& 5!Xf F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns**f ]Ɋ& 7!Xf F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**0Jf ]Ɋ& !Jf F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2108218a-ca7e-4fcd-8d6d-fafc90f20fe0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@f ]Ɋ& !f F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2108218a-ca7e-4fcd-8d6d-fafc90f20fe0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**XG{f ]Ɋ& !XG{f F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&X**pG{f ]Ɋ& !XG{f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hG{f ]Ɋ& !XG{f F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`G{f ]Ɋ& !XG{f F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`G{f ]Ɋ& !XG{f F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hG{f ]Ɋ& !XG{f F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Fh**G{f ]Ɋ&  !G{f F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0a8959d8-56ba-425f-9734-eecc86c7b0d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oppe**G{f ]Ɋ& !G{f F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0a8959d8-56ba-425f-9734-eecc86c7b0d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de**8f ]Ɋ& !Xf F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro8**Pf ]Ɋ& !Xf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FP**Pf ]Ɋ& !Xf F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=+dP**Hf ]Ɋ& !Xf F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**Hf ]Ɋ& !Xf F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hf ]Ɋ& !Xf F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**f ]Ɋ& !f F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0ba4f56f-b76e-4799-ab69-e603f05b359b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**f ]Ɋ& !f F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0ba4f56f-b76e-4799-ab69-e603f05b359b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xf ]Ɋ& !Xf F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= X**pf ]Ɋ& !Xf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**hf ]Ɋ& !Xf F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={h**`f ]Ɋ& !Xf F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=61`**`f ]Ɋ& !Xf F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi`**`f ]Ɋ& !Xf F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**f ]Ɋ& !f F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=adf1980a-f73f-4b7f-9d6a-2774d37f8bb2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**tf ]Ɋ& !tf F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=adf1980a-f73f-4b7f-9d6a-2774d37f8bb2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==e6**(tf ]Ɋ& !Xtf F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@tf ]Ɋ& !Xtf F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@tf ]Ɋ& !Xtf F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E\M@**8tf ]Ɋ& !Xtf F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8tf ]Ɋ& !Xtf F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8tf ]Ɋ& !Xtf F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eV8**tf ]Ɋ& !tf F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2cac9b3a-e921-4648-8c46-ae20e9493a1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[S**Ïf ]Ɋ& !Ïf F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2cac9b3a-e921-4648-8c46-ae20e9493a1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayVe**Xeŏf ]Ɋ& !Xeŏf F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**peŏf ]Ɋ& !Xeŏf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**peŏf ]Ɋ& !Xeŏf F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nstp**heŏf ]Ɋ& !Xeŏf F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=perh**heŏf ]Ɋ& !Xeŏf F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=::Gh**heŏf ]Ɋ& !Xeŏf F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= IhtalledOn -De ]Ɋ&  !eŏf F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3bee8508-44db-49c2-a5fd-141256ba6609 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk8RUz-Mu=VysMc&&** eŏf ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !eŏf F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3bee8508-44db-49c2-a5fd-141256ba6609 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art **?Əf ]Ɋ& !?Əf F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3bee8508-44db-49c2-a5fd-141256ba6609 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=4**Əf ]Ɋ& '!XƏf F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**Əf ]Ɋ& ?!XƏf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**Əf ]Ɋ& ;!XƏf F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**Əf ]Ɋ& 3!XƏf F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**Əf ]Ɋ& 3!XƏf F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **Əf ]Ɋ& 5!XƏf F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**0Əf ]Ɋ& !Əf F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=550083d0-b5aa-4bdd-b1d1-e5ab2dbaa1e4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=180**@ ȏf ]Ɋ& ! ȏf F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=550083d0-b5aa-4bdd-b1d1-e5ab2dbaa1e4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d P@**Oh ]Ɋ& )!XOh F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Oh ]Ɋ& A!XOh F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**Oh ]Ɋ& =!XOh F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Oh ]Ɋ& 5!XOh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**Oh ]Ɋ& 5!XOh F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cl**Oh ]Ɋ& 7!XOh F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0Oh ]Ɋ& !Oh F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=371eb9be-a3a9-4b10-9486-4ce040eb279e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@̀ h ]Ɋ& !̀ h F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=371eb9be-a3a9-4b10-9486-4ce040eb279e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art@**X̀ h ]Ɋ& !X̀ h F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d X**p̀ h ]Ɋ& !X̀ h F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=p**h̀ h ]Ɋ& !X̀ h F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ch**`̀ h ]Ɋ& !X̀ h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`̀ h ]Ɋ& !X̀ h F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**h̀ h ]Ɋ& !X̀ h F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tId=h**̀ h ]Ɋ&  !̀ h F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=808a775e-7563-4785-bfb1-0775e831ffc6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=08-4**̀ h ]Ɋ& !̀ h F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=808a775e-7563-4785-bfb1-0775e831ffc6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**8c!h ]Ɋ& !Xc!h F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=038**Pc!h ]Ɋ& !Xc!h F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tIP**Pc!h ]Ɋ& !Xc!h F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==4.0P**Hc!h ]Ɋ& !Xc!h F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**Hc!h ]Ɋ& !Xc!h F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConsH**Hc!h ]Ɋ& !Xc!h F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**c!h ]Ɋ& !c!h F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=17ee1658-8ab9-418d-ad0c-480c503c77bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=equ**c!h ]Ɋ& !c!h F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=17ee1658-8ab9-418d-ad0c-480c503c77bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**Xc!h ]Ɋ& !Xc!h F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pc!h ]Ɋ& !Xc!h F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Scp**hc!h ]Ɋ& !Xc!h F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dOh**`c!h ]Ɋ& !Xc!h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns`**`c!h ]Ɋ& !Xc!h F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh`**`c!h ]Ɋ& !Xc!h F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**c!h ]Ɋ& !c!h F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=219a2c26-c93a-4ece-bb22-8456a0349db3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**c!h ]Ɋ& !c!h F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=219a2c26-c93a-4ece-bb22-8456a0349db3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(c!h ]Ɋ& !Xc!h F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m(**@c!h ]Ɋ& !Xc!h F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=U@**@c!h ]Ɋ& !Xc!h F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8c!h ]Ɋ& !Xc!h F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ARE8**8c!h ]Ɋ& !Xc!h F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8c!h ]Ɋ& !Xc!h F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**c!h ]Ɋ& !c!h F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=72b97cb9-e129-4ec8-89c1-64a74601c672 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co**J"h ]Ɋ& !J"h F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=72b97cb9-e129-4ec8-89c1-64a74601c672 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInf**X&"h ]Ɋ& !X&"h F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X&"h F&aceId=3bee8508-44db-49c2-a5fd-141256ba6609 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk0'7=9 Mu=VysMc&&**x &"h ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! W!X&"h F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== x **p&"h ]Ɋ& !X&"h F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== p**h&"h ]Ɋ& !X&"h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=h**h&"h ]Ɋ& !X&"h F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h&"h ]Ɋ& !X&"h F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**&"h ]Ɋ&  !&"h F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f310367-17b1-4ce6-8bb1-4d54de932a1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**{#h ]Ɋ& !{#h F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f310367-17b1-4ce6-8bb1-4d54de932a1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**S$h ]Ɋ& '!XS$h F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**S$h ]Ɋ& ?!XS$h F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**S$h ]Ɋ& ;!XS$h F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c95**S$h ]Ɋ& 3!XS$h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**S$h ]Ɋ& 3!XS$h F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=562**S$h ]Ɋ& 5!XS$h F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0S$h ]Ɋ& !S$h F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=12ab7fb4-8e8c-45c7-a85f-bdbe81f63929 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@$h ]Ɋ& !$h F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=12ab7fb4-8e8c-45c7-a85f-bdbe81f63929 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**pQ>k ]Ɋ& )!XpQ>k F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **pQ>k ]Ɋ& A!XpQ>k F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**pQ>k ]Ɋ& =!XpQ>k F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**pQ>k ]Ɋ& 5!XpQ>k F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**pQ>k ]Ɋ& 5!XpQ>k F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**pQ>k ]Ɋ& 7!XpQ>k F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0pQ>k ]Ɋ& !pQ>k F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=62510f8c-d14c-40f8-a25c-2cfcaeb9e98e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@ER>k ]Ɋ& !ER>k F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=62510f8c-d14c-40f8-a25c-2cfcaeb9e98e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**X4R>k ]Ɋ& !X4R>k F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p4R>k ]Ɋ& !X4R>k F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**h4R>k ]Ɋ& !X4R>k F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`4R>k ]Ɋ& !X4R>k F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`4R>k ]Ɋ& !X4R>k F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**h4R>k ]Ɋ& !X4R>k F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**4R>k ]Ɋ&  !4R>k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c50166e-0335-45a6-aa52-c3ecc64b27fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**4R>k ]Ɋ& !4R>k F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c50166e-0335-45a6-aa52-c3ecc64b27fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**84R>k ]Ɋ& !X4R>k F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**P4R>k ]Ɋ& !X4R>k F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P4R>k ]Ɋ& !X4R>k F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**H4R>k ]Ɋ& !X4R>k F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**H 4R>k ]Ɋ& !X4R>k  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**H 4R>k ]Ɋ& !X4R>k  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH** vS>k ]Ɋ& !vS>k  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=34d32956-a42f-4049-941e-9ca659fcfd84 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou** vS>k ]Ɋ& !vS>k  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=34d32956-a42f-4049-941e-9ca659fcfd84 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X aT>k ]Ɋ& !XaT>k  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**paT>k ]Ɋ& !XaT>k F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**haT>k ]Ɋ& !XaT>k F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`aT>k ]Ɋ& !XaT>k F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`aT>k ]Ɋ& !XaT>k F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`aT>k ]Ɋ& !XaT>k F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**aT>k ]Ɋ& !aT>k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a08cda6b-a877-42ef-9965-5e5b4a4bb22b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**aT>k ]Ɋ& !aT>k F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a08cda6b-a877-42ef-9965-5e5b4a4bb22b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(aT>k ]Ɋ& !XaT>k F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@aT>k ]Ɋ& !XaT>k F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@aT>k ]Ɋ& !XaT>k F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@ 65535 Eng ]Ɋ& ndXaT>k F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X&"h F&aceId=3bee8508-44db-49c2-a5fd-141256ba6609 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkHHpRܻXMu=VysMc&&**8 aT>k ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XaT>k F&F%g>9{p(xlMD EventDatauoData !BinaryhFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8aT>k ]Ɋ& !XaT>k F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er,8**8aT>k ]Ɋ& !XaT>k F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\W8**T>k ]Ɋ& !T>k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4cfbe3ff-3b10-45f3-bc19-df0deed55f82 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=56**@U>k ]Ɋ& !@U>k F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4cfbe3ff-3b10-45f3-bc19-df0deed55f82 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iabl**XqV>k ]Ɋ& !XqV>k F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pqV>k ]Ɋ& !XqV>k F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**pqV>k ]Ɋ& !XqV>k F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h qV>k ]Ɋ& !XqV>k  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovih**h!qV>k ]Ɋ& !XqV>k! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=h**h"qV>k ]Ɋ& !XqV>k" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0-h**#qV>k ]Ɋ&  !qV>k# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e26c7d77-3144-458f-8439-c866aa14d9c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-O**$Q W>k ]Ɋ& !Q W>k$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e26c7d77-3144-458f-8439-c866aa14d9c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ies[**%W>k ]Ɋ& '!XW>k% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**&W>k ]Ɋ& ?!XW>k& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**'W>k ]Ɋ& ;!XW>k' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**(W>k ]Ɋ& 3!XW>k( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **)W>k ]Ɋ& 3!XW>k) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsp***W>k ]Ɋ& 5!XW>k* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te**0+W>k ]Ɋ& !W>k+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7da3e61b-e677-4685-8ed5-7ac13299a76f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li0**@,~;X>k ]Ɋ& !~;X>k, F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7da3e61b-e677-4685-8ed5-7ac13299a76f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nceN@**-q_m ]Ɋ& )!Xq_m- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nmen**.q_m ]Ɋ& A!Xq_m. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**/q_m ]Ɋ& =!Xq_m/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h=**0q_m ]Ɋ& 5!Xq_m0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**1q_m ]Ɋ& 5!Xq_m1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**2q_m ]Ɋ& 7!Xq_m2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**03q_m ]Ɋ& !q_m3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=466e7577-d12a-4548-99cf-d1081a758386 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c0**@4m ]Ɋ& !m4 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=466e7577-d12a-4548-99cf-d1081a758386 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=70-@**X5m ]Ɋ& !Xm5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HX**p6m ]Ɋ& !Xm6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 p**h7m ]Ɋ& !Xm7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4h**`8m ]Ɋ& !Xm8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6`**`9m ]Ɋ& !Xm9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1`**h:m ]Ɋ& !Xm: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stAph**;m ]Ɋ&  !m; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=16ad635e-845d-49d7-8c57-90241431cbb6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=viru**<m ]Ɋ& !m< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=16ad635e-845d-49d7-8c57-90241431cbb6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ti**8=m ]Ɋ& !Xm= F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bj8**P>m ]Ɋ& !Xm> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erP**P?m ]Ɋ& !Xm? F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tAppP**H@m ]Ɋ& !Xm@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ee7dH**HAm ]Ɋ& !XmA F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-b48H**HBm ]Ɋ& !XmB F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e8-H**Cm ]Ɋ& !mC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=168ce361-5d72-4d90-85af-204a325da152 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d60**D4)m ]Ɋ& !4)mD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=168ce361-5d72-4d90-85af-204a325da152 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**XE4)m ]Ɋ& !X4)mE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersiX**pF4)m ]Ɋ& !X4)mF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovip**hG4)m ]Ɋ& !X4)mG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`H4)m ]Ɋ& !X4)mH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id` PipelineId ]Ɋ&  CX4)mI F&wid@ 65535 Eng ]Ɋ& ndXaT>k F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X&"h F&aceId=3bee8508-44db-49c2-a5fd-141256ba6609 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkIyIy@VcMu=VysMc&&**hI4)m ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!X4)mI F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**`J4)m ]Ɋ& !X4)mJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**K4)m ]Ɋ& !4)mK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3e2fcee7-f643-4098-9adb-eed9ef54c698 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**L4)m ]Ɋ& !4)mL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3e2fcee7-f643-4098-9adb-eed9ef54c698 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(Mm ]Ɋ& !XmM F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1(**@Nm ]Ɋ& !XmN F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a@**@Om ]Ɋ& !XmO F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8Pm ]Ɋ& !XmP F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**8Qm ]Ɋ& !XmQ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8Rm ]Ɋ& !XmR F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**Sm ]Ɋ& !mS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ec6c71eb-c20d-4467-a28a-d1c02186e7f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**TaZm ]Ɋ& !aZmT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ec6c71eb-c20d-4467-a28a-d1c02186e7f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**XUm ]Ɋ& !XmU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**pVm ]Ɋ& !XmV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**pWm ]Ɋ& !XmW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**hXm ]Ɋ& !XmX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**hYm ]Ɋ& !XmY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**hZm ]Ɋ& !XmZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**[m ]Ɋ&  !m[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=65fac5e6-2b9e-4c88-8638-8e614dc526ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sb**\%$m ]Ɋ& !%$m\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=65fac5e6-2b9e-4c88-8638-8e614dc526ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ring**]%$m ]Ɋ& '!X%$m] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=O**^%$m ]Ɋ& ?!X%$m^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l**_%$m ]Ɋ& ;!X%$m_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**`%$m ]Ɋ& 3!X%$m` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==ef**a%$m ]Ɋ& 3!X%$ma F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**b%$m ]Ɋ& 5!X%$mb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=54**0c%$m ]Ɋ& !%$mc F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=662818c8-42a6-4351-aa70-b7aa644e39b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@dm ]Ɋ& !md F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=662818c8-42a6-4351-aa70-b7aa644e39b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**eo ]Ɋ& )!Xoe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**fo ]Ɋ& A!Xof F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **go ]Ɋ& =!Xog F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**ho ]Ɋ& 5!Xoh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**io ]Ɋ& 5!Xoi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **jo ]Ɋ& 7!Xoj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0ko ]Ɋ& !ok F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e21a9ad9-329a-49b6-af0e-a3f13f66d2e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@l%o ]Ɋ& !%ol F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e21a9ad9-329a-49b6-af0e-a3f13f66d2e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**Xm%o ]Ɋ& !X%om F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**pn%o ]Ɋ& !X%on F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**ho%o ]Ɋ& !X%oo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`p%o ]Ɋ& !X%op F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`q%o ]Ɋ& !X%oq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hr%o ]Ɋ& !X%or F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**s%o ]Ɋ&  !%os F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=535d4358-c02e-41cf-b70a-12dfe96003fb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**t%o ]Ɋ& !%ot F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=535d4358-c02e-41cf-b70a-12dfe96003fb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8u%o ]Ɋ& !X%ou F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**Pv%o ]Ɋ& !X%ov F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**Pw%o ]Ɋ& !X%ow F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**Hx%o ]Ɋ& !X%ox F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**Hy%o ]Ɋ& !X%oy F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ba66H PipelineI ]Ɋ&  X%oz F&ElfChnkzzhAMu=VysMc&&**Hz%o ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! +!X%oz F&F%g>9{p(xlMD EventDatauoData !BinaryxVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**{%o ]Ɋ& !%o{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0528b87-eb16-42c5-abf9-c175d0b2fd75 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4)**|o ]Ɋ& !o| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0528b87-eb16-42c5-abf9-c175d0b2fd75 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X}o ]Ɋ& !Xo} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p~o ]Ɋ& !Xo~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**ho ]Ɋ& !Xo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`o ]Ɋ& !Xo F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`o ]Ɋ& !Xo F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`o ]Ɋ& !Xo F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**o ]Ɋ& !o F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b586d8cc-6653-4587-b3dd-dcd5b885520a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**o ]Ɋ& !o F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b586d8cc-6653-4587-b3dd-dcd5b885520a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(o ]Ɋ& !Xo F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@o ]Ɋ& !Xo F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@o ]Ɋ& !Xo F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8o ]Ɋ& !Xo F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8o ]Ɋ& !Xo F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==fe8**8o ]Ɋ& !Xo F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**o ]Ɋ& !o F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4d678939-17cd-4400-9111-5ae884c64008 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**R9o ]Ɋ& !R9o F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4d678939-17cd-4400-9111-5ae884c64008 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**Xjo ]Ɋ& !Xjo F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**pjo ]Ɋ& !Xjo F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**pjo ]Ɋ& !Xjo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**hjo ]Ɋ& !Xjo F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**hjo ]Ɋ& !Xjo F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hjo ]Ɋ& !Xjo F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**jo ]Ɋ&  !jo F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7ff4a2e8-1060-452f-a7a0-a5fb49fa1a16 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**o ]Ɋ& !o F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7ff4a2e8-1060-452f-a7a0-a5fb49fa1a16 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **o ]Ɋ& '!Xo F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**o ]Ɋ& ?!Xo F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**o ]Ɋ& ;!Xo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**o ]Ɋ& 3!Xo F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**o ]Ɋ& 3!Xo F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**o ]Ɋ& 5!Xo F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0o ]Ɋ& !o F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4be2604f-4e42-4e26-ad2e-01e03faa3381 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@o ]Ɋ& !o F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4be2604f-4e42-4e26-ad2e-01e03faa3381 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 @**.iEQr ]Ɋ& )!X.iEQr F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uctS**.iEQr ]Ɋ& A!X.iEQr F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=curi**.iEQr ]Ɋ& =!X.iEQr F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **.iEQr ]Ɋ& 5!X.iEQr F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **.iEQr ]Ɋ& 5!X.iEQr F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi**.iEQr ]Ɋ& 7!X.iEQr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0.iEQr ]Ɋ& !.iEQr F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=865acbc2-085e-483f-a9bd-f662b8d69604 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@FQr ]Ɋ& !FQr F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=865acbc2-085e-483f-a9bd-f662b8d69604 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X[FQr ]Ɋ& !X[FQr F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p[FQr ]Ɋ& !X[FQr F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**h[FQr ]Ɋ& !X[FQr F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`[FQr ]Ɋ& !X[FQr F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`[FQr ]Ɋ& !X[FQr F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h[FQr ]Ɋ& !X[FQr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h ]Ɋ& X%oz[FQrElfChnksLՓMu=VysMc&&**[FQr ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ![FQr F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a28cd1d8-856f-4f13-81e0-a2786d3d2b5f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**[FQr ]Ɋ& ![FQr F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a28cd1d8-856f-4f13-81e0-a2786d3d2b5f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8[FQr ]Ɋ& !X[FQr F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P[FQr ]Ɋ& !X[FQr F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**P[FQr ]Ɋ& !X[FQr F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**P**H[FQr ]Ɋ& !X[FQr F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**H[FQr ]Ɋ& !X[FQr F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**H[FQr ]Ɋ& !X[FQr F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**[FQr ]Ɋ& ![FQr F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=200eae16-be91-4608-9c54-c26fa91a99f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLi**[FQr ]Ɋ& ![FQr F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=200eae16-be91-4608-9c54-c26fa91a99f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**X2GQr ]Ɋ& !X2GQr F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNamX**p2GQr ]Ɋ& !X2GQr F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**h2GQr ]Ɋ& !X2GQr F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**`2GQr ]Ɋ& !X2GQr F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca`**`2GQr ]Ɋ& !X2GQr F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`2GQr ]Ɋ& !X2GQr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**2GQr ]Ɋ& !2GQr F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9473b056-8787-4aa9-9ec2-d6043db48561 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**2GQr ]Ɋ& !2GQr F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9473b056-8787-4aa9-9ec2-d6043db48561 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(2GQr ]Ɋ& !X2GQr F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@2GQr ]Ɋ& !X2GQr F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@2GQr ]Ɋ& !X2GQr F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da@**82GQr ]Ɋ& !X2GQr F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on\8**82GQr ]Ɋ& !X2GQr F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver8**82GQr ]Ɋ& !X2GQr F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**2GQr ]Ɋ& !2GQr F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f4fe9df6-5221-4f5a-8483-6120320a6246 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri**GQr ]Ɋ& !GQr F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f4fe9df6-5221-4f5a-8483-6120320a6246 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | O**XHQr ]Ɋ& !XHQr F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pHQr ]Ɋ& !XHQr F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**pHQr ]Ɋ& !XHQr F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fo]p**hHQr ]Ɋ& !XHQr F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**hHQr ]Ɋ& !XHQr F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**hHQr ]Ɋ& !XHQr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Coh**HQr ]Ɋ&  !HQr F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c021e46-0729-4ced-85c9-e87c8f867ba4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**KIQr ]Ɋ& !KIQr F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c021e46-0729-4ced-85c9-e87c8f867ba4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**KIQr ]Ɋ& '!XKIQr F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**KIQr ]Ɋ& ?!XKIQr F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**KIQr ]Ɋ& ;!XKIQr F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as**KIQr ]Ɋ& 3!XKIQr F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ing**KIQr ]Ɋ& 3!XKIQr F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art**KIQr ]Ɋ& 5!XKIQr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=65**0KIQr ]Ɋ& !KIQr F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9d7d08b5-19c2-4e84-8599-fbf9ec34ebaf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@-JQr ]Ɋ& !-JQr F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9d7d08b5-19c2-4e84-8599-fbf9ec34ebaf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=83f-@**#+t ]Ɋ& )!X#+t F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**#+t ]Ɋ& A!X#+t F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**#+t ]Ɋ& =!X#+t F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=70**#+t ]Ɋ& 5!X#+t F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**#+t ]Ɋ& 5!X#+t F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**#+t ]Ɋ& 7!X#+t F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0õt ]Ɋ& !õt F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a92f64e-b22d-4bb7-9c83-697335f46487 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X%oz[FQrElfChnk Xϡk^Mu=VysMc&&**@P\t ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!P\t F&F%g>9{p(xlMD EventDatauoData !BinarypStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a92f64e-b22d-4bb7-9c83-697335f46487 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XP\t ]Ɋ& !XP\t F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f13X**pP\t ]Ɋ& !XP\t F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linp**hP\t ]Ɋ& !XP\t F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`P\t ]Ɋ& !XP\t F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`P\t ]Ɋ& !XP\t F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**hP\t ]Ɋ& !XP\t F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**P\t ]Ɋ&  !P\t F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f6053da-d4ac-418a-b8ae-fd1cc55ada63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**t ]Ɋ& !t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f6053da-d4ac-418a-b8ae-fd1cc55ada63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8t ]Ɋ& !Xt F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma8**Pt ]Ɋ& !Xt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**Pt ]Ɋ& !Xt F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComP**Ht ]Ɋ& !Xt F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= H**Ht ]Ɋ& !Xt F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**Ht ]Ɋ& !Xt F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**t ]Ɋ& !t F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9096aaac-55c7-4d1b-8fa2-190da98ab4cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sc**t ]Ɋ& !t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9096aaac-55c7-4d1b-8fa2-190da98ab4cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=y**X}t ]Ɋ& !X}t F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-d60X**p}t ]Ɋ& !X}t F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**h}t ]Ɋ& !X}t F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;eh**`}t ]Ɋ& !X}t F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6-`**`}t ]Ɋ& !X}t F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP`**`}t ]Ɋ& !X}t F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**}t ]Ɋ& !}t F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70b78f52-6d1b-4c17-bb8e-5bcb34077a3a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**}t ]Ɋ& !}t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70b78f52-6d1b-4c17-bb8e-5bcb34077a3a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(}t ]Ɋ& !X}t F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R(**@}t ]Ɋ& !X}t F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e@**@}t ]Ɋ& !X}t F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8}t ]Ɋ& !X}t F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TWA8**8}t ]Ɋ& !X}t F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=8**8}t ]Ɋ& !X}t F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**}t ]Ɋ& !}t F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4beac25b-ccff-43cc-9ac3-f6454b2b5c5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **&t ]Ɋ& !&t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4beac25b-ccff-43cc-9ac3-f6454b2b5c5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ture**X@Wt ]Ɋ& !X@Wt F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**p@Wt ]Ɋ& !X@Wt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**p@Wt ]Ɋ& !X@Wt F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, p**h@Wt ]Ɋ& !X@Wt F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en-h**h@Wt ]Ɋ& !X@Wt F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Deh**h@Wt ]Ɋ& !X@Wt F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amh**@Wt ]Ɋ&  !@Wt F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7eba1a72-f819-47cb-9386-5190fd794dcc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ﹴt ]Ɋ& !ﹴt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7eba1a72-f819-47cb-9386-5190fd794dcc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**mt ]Ɋ& '!Xmt F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**mt ]Ɋ& ?!Xmt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**mt ]Ɋ& ;!Xmt F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**mt ]Ɋ& 3!Xmt F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pro** mt ]Ɋ& 3!Xmt  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t** mt ]Ɋ& 5!Xmt  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0 mt ]Ɋ& !mt  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a8cbd926-c9a6-4141-9824-b7455c48fed2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os!t  F&on=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a92f64e-b22d-4bb7-9c83-697335f46487 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X%oz[FQrElfChnk = =CxHMu=VysMc&&**@ !t ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !!!t  F&F%g>9{p(xlMD EventDatauoData !BinarynStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a8cbd926-c9a6-4141-9824-b7455c48fed2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@ ** 2ew ]Ɋ& )!X2ew  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=3 **2ew ]Ɋ& A!X2ew F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNa**2ew ]Ɋ& =!X2ew F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**2ew ]Ɋ& 5!X2ew F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **2ew ]Ɋ& 5!X2ew F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**2ew ]Ɋ& 7!X2ew F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **02ew ]Ɋ& !2ew F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f968825a-755e-412e-a28c-23bd599e8f62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@_ gw ]Ɋ& !_ gw F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f968825a-755e-412e-a28c-23bd599e8f62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**X_ gw ]Ɋ& !X_ gw F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**p_ gw ]Ɋ& !X_ gw F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**h_ gw ]Ɋ& !X_ gw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`_ gw ]Ɋ& !X_ gw F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`_ gw ]Ɋ& !X_ gw F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h_ gw ]Ɋ& !X_ gw F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**_ gw ]Ɋ&  !_ gw F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed63a535-4d13-480f-8e71-cb3dfdabbf45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **_ gw ]Ɋ& !_ gw F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed63a535-4d13-480f-8e71-cb3dfdabbf45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8_ gw ]Ɋ& !X_ gw F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**P_ gw ]Ɋ& !X_ gw F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**P_ gw ]Ɋ& !X_ gw F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**H _ gw ]Ɋ& !X_ gw  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**H!_ gw ]Ɋ& !X_ gw! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**H"_ gw ]Ɋ& !X_ gw" F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**#_ gw ]Ɋ& !_ gw# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=560e7336-678b-4bf6-98a4-b8c253267d19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**$gw ]Ɋ& !gw$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=560e7336-678b-4bf6-98a4-b8c253267d19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**X%gw ]Ɋ& !Xgw% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**p&gw ]Ɋ& !Xgw& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**h'gw ]Ɋ& !Xgw' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`(gw ]Ɋ& !Xgw( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`)gw ]Ɋ& !Xgw) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`*gw ]Ɋ& !Xgw* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**+gw ]Ɋ& !gw+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6878a45-de6a-4028-8fac-9112569c51e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**,gw ]Ɋ& !gw, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6878a45-de6a-4028-8fac-9112569c51e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(-gw ]Ɋ& !Xgw- F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0(**@.gw ]Ɋ& !Xgw. F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@/gw ]Ɋ& !Xgw/ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**80gw ]Ɋ& !Xgw0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**81gw ]Ɋ& !Xgw1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**82gw ]Ɋ& !Xgw2 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**3gw ]Ɋ& !gw3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cec941d9-1c73-47d8-9e6f-aa3b295505ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**4;hw ]Ɋ& !;hw4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cec941d9-1c73-47d8-9e6f-aa3b295505ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**X5liw ]Ɋ& !Xliw5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p6liw ]Ɋ& !Xliw6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p7liw ]Ɋ& !Xliw7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**h8liw ]Ɋ& !Xliw8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**h9liw ]Ɋ& !Xliw9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e2dh**h:liw ]Ɋ& !Xliw: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**;liw ]Ɋ&  !liw; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=06035823-5264-4dea-bfc5-f5cf8bfd90c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**<Pjw ]Ɋ& !Pjw< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=06035823-5264-4dea-bfc5-f5cf8bfd90c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**=Pjw ]Ɋ& '!XPjw= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(n-US')))}} | ]Ɋ& dOXPjw> F&=4.0 RunspaceId=a8cbd926-c9a6-4141-9824-b7455c48fed2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os!t  F&on=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a92f64e-b22d-4bb7-9c83-697335f46487 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X%oz[FQrElfChnk>p>p02r3QMu=VysMc&&** >Pjw ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XPjw> F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt **?Pjw ]Ɋ& ;!XPjw? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**@Pjw ]Ɋ& 3!XPjw@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma**APjw ]Ɋ& 3!XPjwA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0**BPjw ]Ɋ& 5!XPjwB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0CPjw ]Ɋ& !PjwC F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=76065de6-611e-4813-afdd-aaea81f0212c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI0**@Djw ]Ɋ& !jwD F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=76065de6-611e-4813-afdd-aaea81f0212c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**Ef4]cy ]Ɋ& )!Xf4]cyE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**Ff4]cy ]Ɋ& A!Xf4]cyF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ntiv**Gf4]cy ]Ɋ& =!Xf4]cyG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**Hf4]cy ]Ɋ& 5!Xf4]cyH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=72**If4]cy ]Ɋ& 5!Xf4]cyI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um**Jf4]cy ]Ɋ& 7!Xf4]cyJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0Kf4]cy ]Ɋ& !f4]cyK F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4e95a2e5-0248-4bc0-9dec-c79bf8667a90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@L]cy ]Ɋ& !]cyL F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4e95a2e5-0248-4bc0-9dec-c79bf8667a90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= @**XMe^cy ]Ɋ& !Xe^cyM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==X**pNe^cy ]Ɋ& !Xe^cyN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_ gp**hOe^cy ]Ɋ& !Xe^cyO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`Pe^cy ]Ɋ& !Xe^cyP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`Qe^cy ]Ɋ& !Xe^cyQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hRe^cy ]Ɋ& !Xe^cyR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**Se^cy ]Ɋ&  !e^cyS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d1cc6c7e-30b0-4999-a361-72af870fbaf7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=$**Te^cy ]Ɋ& !e^cyT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d1cc6c7e-30b0-4999-a361-72af870fbaf7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8U*^cy ]Ɋ& !X*^cyU F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&8**PV*^cy ]Ɋ& !X*^cyV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PW*^cy ]Ɋ& !X*^cyW F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HX*^cy ]Ɋ& !X*^cyX F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HY*^cy ]Ɋ& !X*^cyY F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HZ*^cy ]Ɋ& !X*^cyZ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**[*^cy ]Ɋ& !*^cy[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ff9034b8-0fb9-406e-93c1-402b16ad0ec5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****\*^cy ]Ɋ& !*^cy\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ff9034b8-0fb9-406e-93c1-402b16ad0ec5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**X]_cy ]Ɋ& !X_cy] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginX**p^_cy ]Ɋ& !X_cy^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**h__cy ]Ɋ& !X_cy_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leh**``_cy ]Ɋ& !X_cy` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H`**`a_cy ]Ɋ& !X_cya F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`b_cy ]Ɋ& !X_cyb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**c_cy ]Ɋ& !_cyc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1e8f720e-2e62-4f1c-9bca-d2392ed69251 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**d_cy ]Ɋ& !_cyd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1e8f720e-2e62-4f1c-9bca-d2392ed69251 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**(eW/`cy ]Ɋ& !XW/`cye F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@fW/`cy ]Ɋ& !XW/`cyf F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l@**@gW/`cy ]Ɋ& !XW/`cyg F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= en@**8hW/`cy ]Ɋ& !XW/`cyh F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8iW/`cy ]Ɋ& !XW/`cyi F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li8**8jW/`cy ]Ɋ& !XW/`cyj F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**kW/`cy ]Ɋ& !W/`cyk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3e0b1b59-85d5-4ade-8de6-7db03e38244f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='i**l`cy ]Ɋ& !`cyl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3e0b1b59-85d5-4ade-8de6-7db03e38244f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | f**Xmacy ]Ɋ& !Xacym F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pnacy ]Ɋ& !Xacyn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=op**poacy ]Ɋ& !Xacyo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,Dp**hpacy ]Ɋ& !Xacyp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nabhd | Out-Stri ]Ɋ& d=Xacyq F&5f46487 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X%oz[FQrElfChnkqq+ :AX1Mu=VysMc&&**h qacy ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!Xacyq F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **hracy ]Ɋ& !Xacyr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**sacy ]Ɋ&  !acys F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fa00d398-8547-4b98-ab2a-666a5f00d3d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**tbcy ]Ɋ& !bcyt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fa00d398-8547-4b98-ab2a-666a5f00d3d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**ubcy ]Ɋ& '!Xbcyu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**vbcy ]Ɋ& ?!Xbcyv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**wbcy ]Ɋ& ;!Xbcyw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2e1**xbcy ]Ɋ& 3!Xbcyx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ybcy ]Ɋ& 3!Xbcyy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=107**zbcy ]Ɋ& 5!Xbcyz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0{bcy ]Ɋ& !bcy{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ec5f0597-4c0d-437d-a2f6-7165bac45827 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@|ccy ]Ɋ& !ccy| F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ec5f0597-4c0d-437d-a2f6-7165bac45827 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**}<{ ]Ɋ& )!X<{} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **~<{ ]Ɋ& A!X<{~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**<{ ]Ɋ& =!X<{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**<{ ]Ɋ& 5!X<{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**<{ ]Ɋ& 5!X<{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**<{ ]Ɋ& 7!X<{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0"{ ]Ɋ& !"{ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6cbcd272-dae0-4323-8211-8657a7d64fcb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@m{ ]Ɋ& !m{ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6cbcd272-dae0-4323-8211-8657a7d64fcb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**Xm{ ]Ɋ& !Xm{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=UX**pm{ ]Ɋ& !Xm{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**hm{ ]Ɋ& !Xm{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`m{ ]Ɋ& !Xm{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`m{ ]Ɋ& !Xm{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hm{ ]Ɋ& !Xm{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**m{ ]Ɋ&  !m{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=463385e6-ec78-43de-8315-dbeb7d5e0109 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**m{ ]Ɋ& !m{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=463385e6-ec78-43de-8315-dbeb7d5e0109 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8O{ ]Ɋ& !XO{ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**PO{ ]Ɋ& !XO{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**PO{ ]Ɋ& !XO{ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**HO{ ]Ɋ& !XO{ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**HO{ ]Ɋ& !XO{ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**HO{ ]Ɋ& !XO{ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**O{ ]Ɋ& !O{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=57754171-afb7-47e2-a3d2-b9f1c76552a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**O{ ]Ɋ& !O{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=57754171-afb7-47e2-a3d2-b9f1c76552a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XO{ ]Ɋ& !XO{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**pO{ ]Ɋ& !XO{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**hO{ ]Ɋ& !XO{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`O{ ]Ɋ& !XO{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`O{ ]Ɋ& !XO{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`O{ ]Ɋ& !XO{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**O{ ]Ɋ& !O{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bada0056-8e0b-4426-8032-6aa0b76a159e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**O{ ]Ɋ& !O{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bada0056-8e0b-4426-8032-6aa0b76a159e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(O{ ]Ɋ& !XO{ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@O{ ]Ɋ& !XO{ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@O{ ]Ɋ& !XO{ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@**8O{ ]Ɋ& !XO{ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da8**8O{ ]Ɋ& !XO{ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\Un8**8O{ ]Ɋ& !XO{ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on8**{ ]Ɋ& !{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5f3d1c09-d455-4757-8ad4-bd1546995050 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id CommandNam ]Ɋ&  |7{ F&%oz[FQrElfChnkp1fMu=VysMc&&** |7{ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! y!|7{ F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5f3d1c09-d455-4757-8ad4-bd1546995050 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Xh { ]Ɋ& !Xh { F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sX**ph { ]Ɋ& !Xh { F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**ph { ]Ɋ& !Xh { F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izep**hh { ]Ɋ& !Xh { F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**hh { ]Ɋ& !Xh { F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**hh { ]Ɋ& !Xh { F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bh**h { ]Ɋ&  !h { F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22bbfb70-e5ea-4af7-b13e-dec7699678bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**h { ]Ɋ& !h { F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22bbfb70-e5ea-4af7-b13e-dec7699678bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**@!{ ]Ɋ& '!X@!{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4**@!{ ]Ɋ& ?!X@!{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1**@!{ ]Ɋ& ;!X@!{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta**@!{ ]Ɋ& 3!X@!{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**@!{ ]Ɋ& 3!X@!{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ate**@!{ ]Ɋ& 5!X@!{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**0@!{ ]Ɋ& !@!{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e3b70dab-3ba3-4064-afe4-d1afbfbff39d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st0**@֙!{ ]Ɋ& !֙!{ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e3b70dab-3ba3-4064-afe4-d1afbfbff39d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam@**r~ ]Ɋ& )!Xr~ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**r~ ]Ɋ& A!Xr~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**r~ ]Ɋ& =!Xr~ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**r~ ]Ɋ& 5!Xr~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**r~ ]Ɋ& 5!Xr~ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**r~ ]Ɋ& 7!Xr~ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0r~ ]Ɋ& !r~ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd51c63c-27e9-4f82-9658-3b09921becf4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@g~ ]Ɋ& !g~ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd51c63c-27e9-4f82-9658-3b09921becf4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**X~ ]Ɋ& !X~ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CX**p~ ]Ɋ& !X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**h~ ]Ɋ& !X~ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`~ ]Ɋ& !X~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`~ ]Ɋ& !X~ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h~ ]Ɋ& !X~ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**~ ]Ɋ&  !~ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8850e6f2-b65b-4eef-aa5c-b4cfd307d0b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**~ ]Ɋ& !~ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8850e6f2-b65b-4eef-aa5c-b4cfd307d0b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ew**8~ ]Ɋ& !X~ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P~ ]Ɋ& !X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P~ ]Ɋ& !X~ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H~ ]Ɋ& !X~ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H~ ]Ɋ& !X~ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**H~ ]Ɋ& !X~ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**~ ]Ɋ& !~ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d9f8b0c-eb43-42ff-97d3-f4e0f7fa2bb8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**~ ]Ɋ& !~ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d9f8b0c-eb43-42ff-97d3-f4e0f7fa2bb8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X5~ ]Ɋ& !X5~ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPatX**p5~ ]Ɋ& !X5~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginp**h5~ ]Ɋ& !X5~ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alh**`5~ ]Ɋ& !X5~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fi`**`5~ ]Ɋ& !X5~ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`5~ ]Ɋ& !X5~ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**5~ ]Ɋ& !5~ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea24c072-0809-4da4-aa09-1b815ec1fa2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**5~ ]Ɋ& !5~ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea24c072-0809-4da4-aa09-1b815ec1fa2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(5~ ]Ɋ& !X5~ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(andType= S ]Ɋ&  X5~ F&  |7{ F&%oz[FQrElfChnk0S8Mu=VysMc&&**H 5~ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! '!X5~ F&F%g>9{p(xlMD EventDatauoData !BinarytEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptH **@5~ ]Ɋ& !X5~ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIn@**85~ ]Ɋ& !X5~ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=isp8**85~ ]Ɋ& !X5~ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**85~ ]Ɋ& !X5~ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc8**5~ ]Ɋ& !5~ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4d95920a-b37e-4aba-b16c-b8af37786c95 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0~ ]Ɋ& !0~ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4d95920a-b37e-4aba-b16c-b8af37786c95 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNa**Xa~ ]Ɋ& !Xa~ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pa~ ]Ɋ& !Xa~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**pa~ ]Ɋ& !Xa~ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2bbp**ha~ ]Ɋ& !Xa~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**ha~ ]Ɋ& !Xa~ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@!h**ha~ ]Ɋ& !Xa~ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**a~ ]Ɋ&  !a~ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6861ef94-8e27-46a8-b226-b83b8d6376ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**~ ]Ɋ& !~ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6861ef94-8e27-46a8-b226-b83b8d6376ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wers**~ ]Ɋ& '!X~ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**~ ]Ɋ& ?!X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**~ ]Ɋ& ;!X~ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**~ ]Ɋ& 3!X~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**~ ]Ɋ& 3!X~ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**~ ]Ɋ& 5!X~ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0~ ]Ɋ& !~ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=58abac9f-f2bc-4a02-8f8a-2818f5367dc8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f40**@&~ ]Ɋ& !&~ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=58abac9f-f2bc-4a02-8f8a-2818f5367dc8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**B:u ]Ɋ& )!XB:u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam**B:u ]Ɋ& A!XB:u F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**B:u ]Ɋ& =!XB:u F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= A**B:u ]Ɋ& 5!XB:u F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**B:u ]Ɋ& 5!XB:u F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**B:u ]Ɋ& 7!XB:u F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q**0B:u ]Ɋ& !B:u F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=782425aa-f229-4080-8d10-f93f051c2162 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@u ]Ɋ& !u F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=782425aa-f229-4080-8d10-f93f051c2162 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xoku ]Ɋ& !Xoku F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**poku ]Ɋ& !Xoku F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hoku ]Ɋ& !Xoku F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`oku ]Ɋ& !Xoku F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`oku ]Ɋ& !Xoku F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hoku ]Ɋ& !Xoku F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**oku ]Ɋ&  !oku F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=890496c7-a7d3-417d-b273-6b057d5dc388 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Non**oku ]Ɋ& !oku F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=890496c7-a7d3-417d-b273-6b057d5dc388 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8oku ]Ɋ& !Xoku F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s 8**Poku ]Ɋ& !Xoku F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNP**Poku ]Ɋ& !Xoku F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StaP**Hoku ]Ɋ& !Xoku F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hoku ]Ɋ& !Xoku F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hoku ]Ɋ& !Xoku F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5H**oku ]Ɋ& !oku F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c9521f75-78dd-4c8e-935f-fd1bd4fa1cda PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**oku ]Ɋ& !oku F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c9521f75-78dd-4c8e-935f-fd1bd4fa1cda PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xu ]Ɋ& !Xu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pu ]Ɋ& !Xu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndTyp= ScriptNa ]Ɋ& = Xu F&  X5~ F&  |7{ F&%oz[FQrElfChnk77(xvޚMu=VysMc&&**pu ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!Xu F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**`u ]Ɋ& !Xu F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io`**` u ]Ɋ& !Xu  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le`**` u ]Ɋ& !Xu  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`** u ]Ɋ& !u  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e43a475c-eddd-446c-8022-78f4f68cc9db PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d** u ]Ɋ& !u  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e43a475c-eddd-446c-8022-78f4f68cc9db PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**( u ]Ɋ& !Xu  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@u ]Ɋ& !Xu F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@u ]Ɋ& !Xu F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 6@**8u ]Ɋ& !Xu F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eTi8**8u ]Ɋ& !Xu F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nst8**8u ]Ɋ& !Xu F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.08**u ]Ɋ& !u F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=639f19df-9a31-4e65-a4fe-a6654135d4bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **u ]Ɋ& !u F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=639f19df-9a31-4e65-a4fe-a6654135d4bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**Xu ]Ɋ& !Xu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pu ]Ɋ& !Xu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pu ]Ɋ& !Xu F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**hu ]Ɋ& !Xu F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ih**hu ]Ɋ& !Xu F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**hu ]Ɋ& !Xu F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**u ]Ɋ&  !u F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd263ee7-bf8e-44d9-bfe6-c02fa2d95c2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**u ]Ɋ& !u F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd263ee7-bf8e-44d9-bfe6-c02fa2d95c2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= . |**`fu ]Ɋ& '!X`fu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**`fu ]Ɋ& ?!X`fu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`fu ]Ɋ& ;!X`fu F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6cc** `fu ]Ɋ& 3!X`fu  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**!`fu ]Ɋ& 3!X`fu! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ced**"`fu ]Ɋ& 5!X`fu" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0#`fu ]Ɋ& !`fu# F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4aeb9371-0776-4670-acf2-e8f737762991 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@$u ]Ɋ& !u$ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4aeb9371-0776-4670-acf2-e8f737762991 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**%ق ]Ɋ& )!Xق% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com**&ق ]Ɋ& A!Xق& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= **'ق ]Ɋ& =!Xق' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut**(ق ]Ɋ& 5!Xق( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 **)ق ]Ɋ& 5!Xق) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca***ق ]Ɋ& 7!Xق* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0+ق ]Ɋ& !ق+ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d0c99d47-a377-4e03-9e9b-a019a9127fbb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t0**@,93ق ]Ɋ& !93ق, F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d0c99d47-a377-4e03-9e9b-a019a9127fbb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=top@**X-˱ق ]Ɋ& !X˱ق- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p.˱ق ]Ɋ& !X˱ق. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stp**h/˱ق ]Ɋ& !X˱ق/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`0˱ق ]Ɋ& !X˱ق0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n`**`1˱ق ]Ɋ& !X˱ق1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**h2˱ق ]Ɋ& !X˱ق2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Stah**3˱ق ]Ɋ&  !˱ق3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=847a8e4c-d0f2-4498-b96e-9156e342fd5b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**4˱ق ]Ɋ& !˱ق4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=847a8e4c-d0f2-4498-b96e-9156e342fd5b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**85˱ق ]Ɋ& !X˱ق5 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**P6˱ق ]Ɋ& !X˱ق6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ueP**P7˱ق ]Ɋ& !X˱ق7 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P  ]Ɋ& F&%ozXElfChnk8h8h04~(<Mu=VysMc&&**H8˱ق ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!X˱ق8 F&F%g>9{p(xlMD EventDatauoData !BinaryvFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H9˱ق ]Ɋ& !X˱ق9 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H:˱ق ]Ɋ& !X˱ق: F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ScrH**;˱ق ]Ɋ& !˱ق; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=50eceb64-a581-44e4-aab6-28c3859bf034 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**<˱ق ]Ɋ& !˱ق< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=50eceb64-a581-44e4-aab6-28c3859bf034 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**X=fdق ]Ɋ& !Xfdق= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoX**p>fdق ]Ɋ& !Xfdق> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortp**h?fdق ]Ɋ& !Xfdق? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bah**`@fdق ]Ɋ& !Xfdق@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`Afdق ]Ɋ& !XfdقA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq`**`Bfdق ]Ɋ& !XfdقB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**Cfdق ]Ɋ& !fdقC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=34ff1e85-f1f2-4258-8983-4b4a6eeb4ca7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Dfdق ]Ɋ& !fdقD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=34ff1e85-f1f2-4258-8983-4b4a6eeb4ca7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **(Eق ]Ɋ& !XقE F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5(**@Fق ]Ɋ& !XقF F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=V@**@Gق ]Ɋ& !XقG F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te'@**8Hق ]Ɋ& !XقH F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent8**8Iق ]Ɋ& !XقI F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t 8**8Jق ]Ɋ& !XقJ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Kق ]Ɋ& !قK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6729fee5-adb8-4092-84ad-f47c136bab90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**Lق ]Ɋ& !قL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6729fee5-adb8-4092-84ad-f47c136bab90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ated**XMW_ق ]Ɋ& !XW_قM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pNW_ق ]Ɋ& !XW_قN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pOW_ق ]Ɋ& !XW_قO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ultp**hPW_ق ]Ɋ& !XW_قP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthh**hQW_ق ]Ɋ& !XW_قQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hRW_ق ]Ɋ& !XW_قR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nah**SW_ق ]Ɋ&  !W_قS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=af9cfad4-1a1c-4bb4-bfe9-3d212b54bb13 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Tق ]Ɋ& !قT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=af9cfad4-1a1c-4bb4-bfe9-3d212b54bb13 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber=**Uق ]Ɋ& '!XقU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**Vق ]Ɋ& ?!XقV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Wق ]Ɋ& ;!XقW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xق ]Ɋ& 3!XقX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ou**Yق ]Ɋ& 3!XقY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cti**Zق ]Ɋ& 5!XقZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= -**0[ق ]Ɋ& !ق[ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d9d5aba3-b304-4999-ae58-633a147623bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te0**@\)ق ]Ɋ& !)ق\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d9d5aba3-b304-4999-ae58-633a147623bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7-a3@**]oh% ]Ɋ& )!Xoh%] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**^oh% ]Ɋ& A!Xoh%^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mIns**_oh% ]Ɋ& =!Xoh%_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-0**`oh% ]Ɋ& 5!Xoh%` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**aoh% ]Ɋ& 5!Xoh%a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**boh% ]Ɋ& 7!Xoh%b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0coh% ]Ɋ& !oh%c F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=520c83bb-90ff-4de3-91d1-95a9226bc5a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@dWi% ]Ɋ& !Wi%d F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=520c83bb-90ff-4de3-91d1-95a9226bc5a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com@**XeWi% ]Ɋ& !XWi%e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linX**pfWi% ]Ɋ& !XWi%f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manp**hgWi% ]Ɋ& !XWi%g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`hWi% ]Ɋ& !XWi%h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XWi%i F&XElfChnkiiVg'<omMu=VysMc&&**hiWi% ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!XWi%i F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hjWi% ]Ɋ& !XWi%j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**kWi% ]Ɋ&  !Wi%k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=357ca870-658c-492d-a4c9-71c78f9c46d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FӸ**li% ]Ɋ& !i%l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=357ca870-658c-492d-a4c9-71c78f9c46d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**8mi% ]Ɋ& !Xi%m F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pni% ]Ɋ& !Xi%n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Poi% ]Ɋ& !Xi%o F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hpi% ]Ɋ& !Xi%p F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**Hqi% ]Ɋ& !Xi%q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=AH**Hri% ]Ɋ& !Xi%r F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==H**si% ]Ɋ& !i%s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77dc070a-0819-4614-99fe-104ea772dce6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ti% ]Ɋ& !i%t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77dc070a-0819-4614-99fe-104ea772dce6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xui% ]Ɋ& !Xi%u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= X**pvi% ]Ɋ& !Xi%v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-lasp**hwi% ]Ɋ& !Xi%w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Sh**`xi% ]Ɋ& !Xi%x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`yi% ]Ɋ& !Xi%y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`zi% ]Ɋ& !Xi%z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**{i% ]Ɋ& !i%{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=95e8afa7-83fa-49dc-8e69-dee88c080c06 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|9j% ]Ɋ& !9j%| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=95e8afa7-83fa-49dc-8e69-dee88c080c06 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPa**(}9j% ]Ɋ& !X9j%} F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@~9j% ]Ɋ& !X9j%~ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0@**@9j% ]Ɋ& !X9j% F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ert@**89j% ]Ɋ& !X9j% F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wow8**89j% ]Ɋ& !X9j% F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5c-8**89j% ]Ɋ& !X9j% F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fu8**9j% ]Ɋ& !9j% F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cfbdb337-2b38-41a1-a27a-56679f2ea298 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd**j% ]Ɋ& !j% F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cfbdb337-2b38-41a1-a27a-56679f2ea298 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineV**XGl% ]Ɋ& !XGl% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pGl% ]Ɋ& !XGl% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ep**pGl% ]Ɋ& !XGl% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=, Ep**hGl% ]Ɋ& !XGl% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cenh**hGl% ]Ɋ& !XGl% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=h**hGl% ]Ɋ& !XGl% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**Gl% ]Ɋ&  !Gl% F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e1c83e70-a1b1-4a8d-b8a2-6a1886abd18f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**ޛl% ]Ɋ& !ޛl% F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e1c83e70-a1b1-4a8d-b8a2-6a1886abd18f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsio**ޛl% ]Ɋ& '!Xޛl% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**ޛl% ]Ɋ& ?!Xޛl% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**ޛl% ]Ɋ& ;!Xޛl% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ne**ޛl% ]Ɋ& 3!Xޛl% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **ޛl% ]Ɋ& 3!Xޛl% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ewP**ޛl% ]Ɋ& 5!Xޛl% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eI**0ޛl% ]Ɋ& !ޛl% F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=00aa96a2-40d7-4905-aa50-c09dc41be45c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me0**@t4m% ]Ɋ& !t4m% F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=00aa96a2-40d7-4905-aa50-c09dc41be45c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= @**Y ]Ɋ& )!XY F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=30e6543f-56d8-4d54-8fba-fd0a081e385f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut-S**Y ]Ɋ& A!XY F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=30e6543f-56d8-4d54-8fba-fd0a081e385f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 -C**Y ]Ɋ& =!XY F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=30e6543f-56d8-4d54-8fba-fd0a081e385f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**Y ]Ɋ& 5!XY F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=30e6543f-56d8-4d54-8fba-fd0a081e385f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on.0 HostId= ]Ɋ& icXY F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XWi%i F&XElfChnkpܮpMu=VysMc&&**Y ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XY F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=30e6543f-56d8-4d54-8fba-fd0a081e385f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **Y ]Ɋ& 7!XY F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=30e6543f-56d8-4d54-8fba-fd0a081e385f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0Y ]Ɋ& !Y F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=30e6543f-56d8-4d54-8fba-fd0a081e385f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=227bd015-1e17-4323-abfb-20b117eac6d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@mZ ]Ɋ& !mZ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=30e6543f-56d8-4d54-8fba-fd0a081e385f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=227bd015-1e17-4323-abfb-20b117eac6d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**XmZ ]Ɋ& !XmZ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=728cc297-f60f-4076-abc2-740f63413c18 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**pmZ ]Ɋ& !XmZ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=728cc297-f60f-4076-abc2-740f63413c18 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**hmZ ]Ɋ& !XmZ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=728cc297-f60f-4076-abc2-740f63413c18 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`mZ ]Ɋ& !XmZ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=728cc297-f60f-4076-abc2-740f63413c18 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`mZ ]Ɋ& !XmZ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=728cc297-f60f-4076-abc2-740f63413c18 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**hmZ ]Ɋ& !XmZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=728cc297-f60f-4076-abc2-740f63413c18 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**mZ ]Ɋ&  !mZ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=728cc297-f60f-4076-abc2-740f63413c18 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb422fa1-5ccf-4182-ab36-63412288a348 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **@[ ]Ɋ& !@[ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=728cc297-f60f-4076-abc2-740f63413c18 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb422fa1-5ccf-4182-ab36-63412288a348 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8@[ ]Ɋ& !X@[ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bffe2cd0-0941-4020-9bd0-f29faa487a92 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**P@[ ]Ɋ& !X@[ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bffe2cd0-0941-4020-9bd0-f29faa487a92 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**P@[ ]Ɋ& !X@[ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bffe2cd0-0941-4020-9bd0-f29faa487a92 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**H@[ ]Ɋ& !X@[ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bffe2cd0-0941-4020-9bd0-f29faa487a92 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**H@[ ]Ɋ& !X@[ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bffe2cd0-0941-4020-9bd0-f29faa487a92 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**H@[ ]Ɋ& !X@[ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bffe2cd0-0941-4020-9bd0-f29faa487a92 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**@[ ]Ɋ& !@[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bffe2cd0-0941-4020-9bd0-f29faa487a92 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cc3e94e9-a441-4469-8a0c-848961b2fcdb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**@[ ]Ɋ& !@[ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bffe2cd0-0941-4020-9bd0-f29faa487a92 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cc3e94e9-a441-4469-8a0c-848961b2fcdb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**X@[ ]Ɋ& !X@[ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5c1db1c2-7384-46ad-9885-9507b87d77fb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**p@[ ]Ɋ& !X@[ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5c1db1c2-7384-46ad-9885-9507b87d77fb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**h@[ ]Ɋ& !X@[ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5c1db1c2-7384-46ad-9885-9507b87d77fb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`@[ ]Ɋ& !X@[ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5c1db1c2-7384-46ad-9885-9507b87d77fb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`@[ ]Ɋ& !X@[ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5c1db1c2-7384-46ad-9885-9507b87d77fb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`@[ ]Ɋ& !X@[ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5c1db1c2-7384-46ad-9885-9507b87d77fb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**@[ ]Ɋ& !@[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5c1db1c2-7384-46ad-9885-9507b87d77fb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7e95a7ec-a8bc-4a23-8939-60545c9c8775 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**מ[ ]Ɋ& !מ[ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5c1db1c2-7384-46ad-9885-9507b87d77fb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7e95a7ec-a8bc-4a23-8939-60545c9c8775 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(מ[ ]Ɋ& !Xמ[ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=83837f8e-648f-4226-b0d8-20bd3611494f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6(**@מ[ ]Ɋ& !Xמ[ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=83837f8e-648f-4226-b0d8-20bd3611494f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@מ[ ]Ɋ& !Xמ[ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=83837f8e-648f-4226-b0d8-20bd3611494f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8מ[ ]Ɋ& !Xמ[ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=83837f8e-648f-4226-b0d8-20bd3611494f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8מ[ ]Ɋ& !Xמ[ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=83837f8e-648f-4226-b0d8-20bd3611494f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8מ[ ]Ɋ& !Xמ[ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=83837f8e-648f-4226-b0d8-20bd3611494f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**מ[ ]Ɋ& !מ[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=83837f8e-648f-4226-b0d8-20bd3611494f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3210704f-cb57-4e04-bf13-5070fe0ec952 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**m7\ ]Ɋ& !m7\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=83837f8e-648f-4226-b0d8-20bd3611494f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3210704f-cb57-4e04-bf13-5070fe0ec952 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**Xh] ]Ɋ& !Xh] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=21ee80b9-7299-445f-8313-6ae293511de2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**ph] ]Ɋ& !Xh] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=21ee80b9-7299-445f-8313-6ae293511de2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**ph] ]Ɋ& !Xh] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=21ee80b9-7299-445f-8313-6ae293511de2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**hh] ]Ɋ& !Xh] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=21ee80b9-7299-445f-8313-6ae293511de2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**hh] ]Ɋ& !Xh] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=21ee80b9-7299-445f-8313-6ae293511de2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e6bh**hh] ]Ɋ& !Xh] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=21ee80b9-7299-445f-8313-6ae293511de2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**h] ]Ɋ&  !h] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=21ee80b9-7299-445f-8313-6ae293511de2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b87ac144-c15b-4565-81e9-151488b1ba4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**1^ ]Ɋ& !1^ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=21ee80b9-7299-445f-8313-6ae293511de2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b87ac144-c15b-4565-81e9-151488b1ba4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**1^ ]Ɋ& '!X1^ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=443a48a4-a440-447d-9756-e722306e63a2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**1^ ]Ɋ& ?!X1^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=443a48a4-a440-447d-9756-e722306e63a2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=G**1^ ]Ɋ& ;!X1^ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=443a48a4-a440-447d-9756-e722306e63a2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **1^ ]Ɋ& 3!X1^ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=443a48a4-a440-447d-9756-e722306e63a2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**1^ ]Ɋ& 3!X1^ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=443a48a4-a440-447d-9756-e722306e63a2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& X1^ F& F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XWi%i F&XElfChnkp(Z4OMu=VysMc&&** 1^ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X1^ F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=443a48a4-a440-447d-9756-e722306e63a2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4d5 **01^ ]Ɋ& !1^ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=443a48a4-a440-447d-9756-e722306e63a2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=aa6851f6-c161-4dcb-bf00-8ef248a6d14f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@Ǚ^ ]Ɋ& !Ǚ^ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=443a48a4-a440-447d-9756-e722306e63a2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=aa6851f6-c161-4dcb-bf00-8ef248a6d14f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**l ]Ɋ& )!Xl F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e02af3e4-d6ab-4477-aeaf-de2a48030523 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**l ]Ɋ& A!Xl F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e02af3e4-d6ab-4477-aeaf-de2a48030523 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **l ]Ɋ& =!Xl F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e02af3e4-d6ab-4477-aeaf-de2a48030523 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**l ]Ɋ& 5!Xl F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e02af3e4-d6ab-4477-aeaf-de2a48030523 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**l ]Ɋ& 5!Xl F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e02af3e4-d6ab-4477-aeaf-de2a48030523 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **l ]Ɋ& 7!Xl F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e02af3e4-d6ab-4477-aeaf-de2a48030523 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0l ]Ɋ& !l F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e02af3e4-d6ab-4477-aeaf-de2a48030523 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e00451bb-c3b5-43ac-9a6a-f3f894991bb6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@ ]Ɋ& ! F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e02af3e4-d6ab-4477-aeaf-de2a48030523 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e00451bb-c3b5-43ac-9a6a-f3f894991bb6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ea1f5877-6751-449b-8893-69aad2530cb0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ea1f5877-6751-449b-8893-69aad2530cb0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ea1f5877-6751-449b-8893-69aad2530cb0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ea1f5877-6751-449b-8893-69aad2530cb0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ea1f5877-6751-449b-8893-69aad2530cb0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ea1f5877-6751-449b-8893-69aad2530cb0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ea1f5877-6751-449b-8893-69aad2530cb0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=73c897ad-f1ca-4439-84d9-b01be6a8e141 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ea1f5877-6751-449b-8893-69aad2530cb0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=73c897ad-f1ca-4439-84d9-b01be6a8e141 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8 ]Ɋ& !X F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6a16e89f-bce2-44f9-b43d-8e67d64961a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**P ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6a16e89f-bce2-44f9-b43d-8e67d64961a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**P ]Ɋ& !X F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6a16e89f-bce2-44f9-b43d-8e67d64961a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**H ]Ɋ& !X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6a16e89f-bce2-44f9-b43d-8e67d64961a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**H ]Ɋ& !X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6a16e89f-bce2-44f9-b43d-8e67d64961a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ftVoH**H ]Ɋ& !X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6a16e89f-bce2-44f9-b43d-8e67d64961a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ritH** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6a16e89f-bce2-44f9-b43d-8e67d64961a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3ae56b0e-8f6b-4247-9417-4075568a2482 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**6 ]Ɋ& !6 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6a16e89f-bce2-44f9-b43d-8e67d64961a1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3ae56b0e-8f6b-4247-9417-4075568a2482 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**X6 ]Ɋ& !X6 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e861004c-7734-4b72-963d-87f5778f6d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US;X**p6 ]Ɋ& !X6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e861004c-7734-4b72-963d-87f5778f6d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ostVp**h6 ]Ɋ& !X6 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e861004c-7734-4b72-963d-87f5778f6d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`6 ]Ɋ& !X6 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e861004c-7734-4b72-963d-87f5778f6d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=*`**`6 ]Ɋ& !X6 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e861004c-7734-4b72-963d-87f5778f6d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru`**`6 ]Ɋ& !X6 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e861004c-7734-4b72-963d-87f5778f6d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**6 ]Ɋ& !6 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e861004c-7734-4b72-963d-87f5778f6d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=58f6bc5c-c8fd-49a2-9c7b-49689fbe3847 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**6 ]Ɋ& !6 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e861004c-7734-4b72-963d-87f5778f6d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=58f6bc5c-c8fd-49a2-9c7b-49689fbe3847 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=589e6381-9adf-4351-9a8b-73efe8501a8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9(**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=589e6381-9adf-4351-9a8b-73efe8501a8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=589e6381-9adf-4351-9a8b-73efe8501a8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=589e6381-9adf-4351-9a8b-73efe8501a8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=589e6381-9adf-4351-9a8b-73efe8501a8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=589e6381-9adf-4351-9a8b-73efe8501a8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=589e6381-9adf-4351-9a8b-73efe8501a8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=470223a8-cf6a-4325-a9c8-13b8870436ef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**g ]Ɋ& !g F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=589e6381-9adf-4351-9a8b-73efe8501a8b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=470223a8-cf6a-4325-a9c8-13b8870436ef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**Xߘ  ]Ɋ& !Xߘ  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1c2ae572-d8dd-4cbe-a11e-314dd02d8deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**pߘ  ]Ɋ& !Xߘ  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1c2ae572-d8dd-4cbe-a11e-314dd02d8deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**pߘ  ]Ɋ& !Xߘ  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1c2ae572-d8dd-4cbe-a11e-314dd02d8deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**hߘ  ]Ɋ& !Xߘ  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1c2ae572-d8dd-4cbe-a11e-314dd02d8deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**hߘ  ]Ɋ& !Xߘ  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1c2ae572-d8dd-4cbe-a11e-314dd02d8deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**hߘ  ]Ɋ& !Xߘ  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1c2ae572-d8dd-4cbe-a11e-314dd02d8deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**ߘ  ]Ɋ&  !ߘ  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1c2ae572-d8dd-4cbe-a11e-314dd02d8deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0f90986c-bcbd-41ea-aa1d-cb62c7e19e72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sbe.properties ]Ɋ& Cuv1! F&n-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& X1^ F& F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XWi%i F&XElfChnk..xhUlAMu=VysMc&&** v1! ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !v1! F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1c2ae572-d8dd-4cbe-a11e-314dd02d8deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0f90986c-bcbd-41ea-aa1d-cb62c7e19e72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **v1! ]Ɋ& '!Xv1! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a8e4c075-cfd9-48bb-8904-be74e13f57d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**v1! ]Ɋ& ?!Xv1! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a8e4c075-cfd9-48bb-8904-be74e13f57d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**v1! ]Ɋ& ;!Xv1! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a8e4c075-cfd9-48bb-8904-be74e13f57d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**v1! ]Ɋ& 3!Xv1! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a8e4c075-cfd9-48bb-8904-be74e13f57d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**v1! ]Ɋ& 3!Xv1! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a8e4c075-cfd9-48bb-8904-be74e13f57d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ica**v1! ]Ɋ& 5!Xv1! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a8e4c075-cfd9-48bb-8904-be74e13f57d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0v1! ]Ɋ& !v1! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a8e4c075-cfd9-48bb-8904-be74e13f57d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2a44918c-760e-4ef8-894c-24ff11e4c6ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow0**@b" ]Ɋ& !b" F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a8e4c075-cfd9-48bb-8904-be74e13f57d4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2a44918c-760e-4ef8-894c-24ff11e4c6ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**ڸ7 ]Ɋ& )!Xڸ7 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4bbfbb4f-cf97-47e8-a011-d249e71cebe4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**ڸ7 ]Ɋ& A!Xڸ7 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4bbfbb4f-cf97-47e8-a011-d249e71cebe4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-wid**ڸ7 ]Ɋ& =!Xڸ7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4bbfbb4f-cf97-47e8-a011-d249e71cebe4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**ڸ7 ]Ɋ& 5!Xڸ7 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4bbfbb4f-cf97-47e8-a011-d249e71cebe4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l ** ڸ7 ]Ɋ& 5!Xڸ7  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4bbfbb4f-cf97-47e8-a011-d249e71cebe4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==e** ڸ7 ]Ɋ& 7!Xڸ7  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4bbfbb4f-cf97-47e8-a011-d249e71cebe4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0 is7 ]Ɋ& !is7  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4bbfbb4f-cf97-47e8-a011-d249e71cebe4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b96bd779-2540-4973-b991-6022880b04d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@ 7 ]Ɋ& ! 7  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4bbfbb4f-cf97-47e8-a011-d249e71cebe4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b96bd779-2540-4973-b991-6022880b04d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X 7 ]Ɋ& !X 7  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b8399379-9e7c-4321-94a4-b4c717a61610 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p 7 ]Ɋ& !X 7 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b8399379-9e7c-4321-94a4-b4c717a61610 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h 7 ]Ɋ& !X 7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b8399379-9e7c-4321-94a4-b4c717a61610 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` 7 ]Ɋ& !X 7 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b8399379-9e7c-4321-94a4-b4c717a61610 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**` 7 ]Ɋ& !X 7 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b8399379-9e7c-4321-94a4-b4c717a61610 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**h 7 ]Ɋ& !X 7 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b8399379-9e7c-4321-94a4-b4c717a61610 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineSh** 7 ]Ɋ&  ! 7 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b8399379-9e7c-4321-94a4-b4c717a61610 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c9590580-5b7b-40c0-8e7f-f8d4bdb53662 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ped **7 ]Ɋ& !7 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b8399379-9e7c-4321-94a4-b4c717a61610 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c9590580-5b7b-40c0-8e7f-f8d4bdb53662 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt**87 ]Ɋ& !X7 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a66cc75f-a89b-47d1-bfd7-7b34e8bc4c1d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nm8**P7 ]Ɋ& !X7 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a66cc75f-a89b-47d1-bfd7-7b34e8bc4c1d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idP**P7 ]Ɋ& !X7 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a66cc75f-a89b-47d1-bfd7-7b34e8bc4c1d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tartP**H7 ]Ɋ& !X7 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a66cc75f-a89b-47d1-bfd7-7b34e8bc4c1d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ReH**H7 ]Ɋ& !X7 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a66cc75f-a89b-47d1-bfd7-7b34e8bc4c1d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**H7 ]Ɋ& !X7 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a66cc75f-a89b-47d1-bfd7-7b34e8bc4c1d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**7 ]Ɋ& !7 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a66cc75f-a89b-47d1-bfd7-7b34e8bc4c1d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9266be95-1416-458d-9265-657949c674bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!**7 ]Ɋ& !7 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a66cc75f-a89b-47d1-bfd7-7b34e8bc4c1d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9266be95-1416-458d-9265-657949c674bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X,=7 ]Ɋ& !X,=7 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5231e8d3-5688-41e8-9109-ad0f9457cb1c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaX**p,=7 ]Ɋ& !X,=7 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5231e8d3-5688-41e8-9109-ad0f9457cb1c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**h,=7 ]Ɋ& !X,=7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5231e8d3-5688-41e8-9109-ad0f9457cb1c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**` ,=7 ]Ɋ& !X,=7  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5231e8d3-5688-41e8-9109-ad0f9457cb1c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`!,=7 ]Ɋ& !X,=7! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5231e8d3-5688-41e8-9109-ad0f9457cb1c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=`**`",=7 ]Ɋ& !X,=7" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5231e8d3-5688-41e8-9109-ad0f9457cb1c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**#,=7 ]Ɋ& !,=7# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5231e8d3-5688-41e8-9109-ad0f9457cb1c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6e4c628-2ebf-46b6-83ea-6ee3f5570f01 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$,=7 ]Ɋ& !,=7$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5231e8d3-5688-41e8-9109-ad0f9457cb1c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6e4c628-2ebf-46b6-83ea-6ee3f5570f01 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f **(%,=7 ]Ɋ& !X,=7% F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=22d7fef6-eb06-41f1-95b8-8490dffd24a8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4(**@&,=7 ]Ɋ& !X,=7& F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=22d7fef6-eb06-41f1-95b8-8490dffd24a8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a@**@',=7 ]Ɋ& !X,=7' F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=22d7fef6-eb06-41f1-95b8-8490dffd24a8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin@**8(,=7 ]Ɋ& !X,=7( F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=22d7fef6-eb06-41f1-95b8-8490dffd24a8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8),=7 ]Ɋ& !X,=7) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=22d7fef6-eb06-41f1-95b8-8490dffd24a8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8*,=7 ]Ɋ& !X,=7* F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=22d7fef6-eb06-41f1-95b8-8490dffd24a8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== 8**+,=7 ]Ɋ& !,=7+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=22d7fef6-eb06-41f1-95b8-8490dffd24a8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ff122af8-8608-49f5-847d-ad1b2517b524 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge**,ջ7 ]Ɋ& !ջ7, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=22d7fef6-eb06-41f1-95b8-8490dffd24a8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ff122af8-8608-49f5-847d-ad1b2517b524 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te';**X-7 ]Ɋ& !X7- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e0288e20-a21d-4505-9cff-2ab14ad05c83 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p.7 ]Ɋ& !X7. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e0288e20-a21d-4505-9cff-2ab14ad05c83 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX7/ F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XWi%i F&XElfChnk/`/`3 \&Mu=VysMc&&**p /7 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! S!X7/ F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e0288e20-a21d-4505-9cff-2ab14ad05c83 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p **h07 ]Ɋ& !X70 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e0288e20-a21d-4505-9cff-2ab14ad05c83 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h17 ]Ɋ& !X71 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e0288e20-a21d-4505-9cff-2ab14ad05c83 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h27 ]Ɋ& !X72 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e0288e20-a21d-4505-9cff-2ab14ad05c83 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tah**37 ]Ɋ&  !73 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e0288e20-a21d-4505-9cff-2ab14ad05c83 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3847cfbd-d5ae-4ed5-a6dd-096e55e6673d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e1**47 ]Ɋ& !74 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e0288e20-a21d-4505-9cff-2ab14ad05c83 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3847cfbd-d5ae-4ed5-a6dd-096e55e6673d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,De**57 ]Ɋ& '!X75 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a3aa6397-a572-4187-b6e8-3fa07fb51a12 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**67 ]Ɋ& ?!X76 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a3aa6397-a572-4187-b6e8-3fa07fb51a12 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**77 ]Ɋ& ;!X77 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a3aa6397-a572-4187-b6e8-3fa07fb51a12 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hel**87 ]Ɋ& 3!X78 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a3aa6397-a572-4187-b6e8-3fa07fb51a12 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**97 ]Ɋ& 3!X79 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a3aa6397-a572-4187-b6e8-3fa07fb51a12 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll **:7 ]Ɋ& 5!X7: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a3aa6397-a572-4187-b6e8-3fa07fb51a12 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0;7 ]Ɋ& !7; F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a3aa6397-a572-4187-b6e8-3fa07fb51a12 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=61897670-dc9c-4062-aa40-9bb14d913252 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng0**@<о7 ]Ɋ& !о7< F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a3aa6397-a572-4187-b6e8-3fa07fb51a12 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=61897670-dc9c-4062-aa40-9bb14d913252 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**=𺚎 ]Ɋ& )!X𺚎= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2a9153f2-9515-4a69-a413-941fef21992e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**>𺚎 ]Ɋ& A!X𺚎> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2a9153f2-9515-4a69-a413-941fef21992e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **?𺚎 ]Ɋ& =!X𺚎? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2a9153f2-9515-4a69-a413-941fef21992e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**@𺚎 ]Ɋ& 5!X𺚎@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2a9153f2-9515-4a69-a413-941fef21992e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl**A𺚎 ]Ɋ& 5!X𺚎A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2a9153f2-9515-4a69-a413-941fef21992e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **B𺚎 ]Ɋ& 7!X𺚎B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2a9153f2-9515-4a69-a413-941fef21992e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2**0C2 ]Ɋ& !2C F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2a9153f2-9515-4a69-a413-941fef21992e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb605be3-86e2-48cc-9ef3-593e452f6c24 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=40**@D! ]Ɋ& !!D F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2a9153f2-9515-4a69-a413-941fef21992e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb605be3-86e2-48cc-9ef3-593e452f6c24 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila@**XE! ]Ɋ& !X!E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fc6c1fc1-7578-4499-a27d-cc26256f3012 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProX**pF! ]Ɋ& !X!F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fc6c1fc1-7578-4499-a27d-cc26256f3012 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt p**hG! ]Ɋ& !X!G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fc6c1fc1-7578-4499-a27d-cc26256f3012 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sh**`H! ]Ɋ& !X!H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fc6c1fc1-7578-4499-a27d-cc26256f3012 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d`**`I! ]Ɋ& !X!I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fc6c1fc1-7578-4499-a27d-cc26256f3012 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c`**hJ! ]Ɋ& !X!J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fc6c1fc1-7578-4499-a27d-cc26256f3012 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**K! ]Ɋ&  !!K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fc6c1fc1-7578-4499-a27d-cc26256f3012 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c36457fa-60eb-4fb4-9065-4155094eea4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c75f**L_ ]Ɋ& !_L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fc6c1fc1-7578-4499-a27d-cc26256f3012 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c36457fa-60eb-4fb4-9065-4155094eea4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fd**8M_ ]Ɋ& !X_M F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bf48f4d9-5720-4e87-852d-9681515ad92b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si8**PN_ ]Ɋ& !X_N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bf48f4d9-5720-4e87-852d-9681515ad92b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leP**PO_ ]Ɋ& !X_O F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bf48f4d9-5720-4e87-852d-9681515ad92b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HoP**HP_ ]Ɋ& !X_P F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bf48f4d9-5720-4e87-852d-9681515ad92b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eNumH**HQ_ ]Ɋ& !X_Q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bf48f4d9-5720-4e87-852d-9681515ad92b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**HR_ ]Ɋ& !X_R F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bf48f4d9-5720-4e87-852d-9681515ad92b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ateH**S_ ]Ɋ& !_S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bf48f4d9-5720-4e87-852d-9681515ad92b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a8ea131-ade4-428c-913f-9ec019a52125 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber**T_ ]Ɋ& !_T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bf48f4d9-5720-4e87-852d-9681515ad92b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a8ea131-ade4-428c-913f-9ec019a52125 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XUR ]Ɋ& !XRU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fcdca46e-1e35-4d91-9f91-61112b77054e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNamX**pVR ]Ɋ& !XRV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fcdca46e-1e35-4d91-9f91-61112b77054e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hWR ]Ɋ& !XRW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fcdca46e-1e35-4d91-9f91-61112b77054e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**`XR ]Ɋ& !XRX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fcdca46e-1e35-4d91-9f91-61112b77054e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=('`**`YR ]Ɋ& !XRY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fcdca46e-1e35-4d91-9f91-61112b77054e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ti`**`ZR ]Ɋ& !XRZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fcdca46e-1e35-4d91-9f91-61112b77054e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4`**[R ]Ɋ& !R[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fcdca46e-1e35-4d91-9f91-61112b77054e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d66389c1-0588-427c-8a6b-9e63e3f55a4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**\R ]Ɋ& !R\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fcdca46e-1e35-4d91-9f91-61112b77054e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d66389c1-0588-427c-8a6b-9e63e3f55a4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**(]R ]Ɋ& !XR] F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a4368340-174e-4ec6-9a31-9feee74edfc6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@^R ]Ɋ& !XR^ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a4368340-174e-4ec6-9a31-9feee74edfc6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@_R ]Ɋ& !XR_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a4368340-174e-4ec6-9a31-9feee74edfc6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ace@**8`R ]Ɋ& !XR` F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a4368340-174e-4ec6-9a31-9feee74edfc6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=es[8nstalldate'] ]Ɋ& etXRa F&imatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX7/ F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XWi%i F&XElfChnkaa$zj5Mu=VysMc&&**8 aR ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XRa F&F%g>9{p(xlMD EventDatauoData !BinaryhRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a4368340-174e-4ec6-9a31-9feee74edfc6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8bR ]Ɋ& !XRb F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a4368340-174e-4ec6-9a31-9feee74edfc6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=In8**cR ]Ɋ& !Rc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a4368340-174e-4ec6-9a31-9feee74edfc6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8d2e8d2a-63d7-434a-8134-beebf72819ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=WA**d뽚 ]Ɋ& !뽚d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a4368340-174e-4ec6-9a31-9feee74edfc6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8d2e8d2a-63d7-434a-8134-beebf72819ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=po**XeM ]Ɋ& !XMe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8c26d846-34e3-4dfb-a12e-e4c7511c639c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**pfM ]Ɋ& !XMf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8c26d846-34e3-4dfb-a12e-e4c7511c639c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ep**pgM ]Ɋ& !XMg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8c26d846-34e3-4dfb-a12e-e4c7511c639c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**hhM ]Ɋ& !XMh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8c26d846-34e3-4dfb-a12e-e4c7511c639c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**hiM ]Ɋ& !XMi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8c26d846-34e3-4dfb-a12e-e4c7511c639c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNh**hjM ]Ɋ& !XMj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8c26d846-34e3-4dfb-a12e-e4c7511c639c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dBh**k| ]Ɋ&  !|k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8c26d846-34e3-4dfb-a12e-e4c7511c639c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7640e9b8-169f-47d5-98b8-5446db64562f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**l| ]Ɋ& !|l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8c26d846-34e3-4dfb-a12e-e4c7511c639c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7640e9b8-169f-47d5-98b8-5446db64562f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gine**mHÚ ]Ɋ& '!XHÚm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4a0977e3-d0ab-4652-9608-2e3145355391 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**nHÚ ]Ɋ& ?!XHÚn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4a0977e3-d0ab-4652-9608-2e3145355391 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**oHÚ ]Ɋ& ;!XHÚo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4a0977e3-d0ab-4652-9608-2e3145355391 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**pHÚ ]Ɋ& 3!XHÚp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4a0977e3-d0ab-4652-9608-2e3145355391 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsh**qHÚ ]Ɋ& 3!XHÚq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4a0977e3-d0ab-4652-9608-2e3145355391 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**rHÚ ]Ɋ& 5!XHÚr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4a0977e3-d0ab-4652-9608-2e3145355391 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=re**0sHÚ ]Ɋ& !HÚs F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4a0977e3-d0ab-4652-9608-2e3145355391 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9a09bcb0-f0d4-48ee-a003-fcc36fdcccef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@tmÚ ]Ɋ& !mÚt F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4a0977e3-d0ab-4652-9608-2e3145355391 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9a09bcb0-f0d4-48ee-a003-fcc36fdcccef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se@**u ]Ɋ& )!Xu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=04479b2a-8096-45e1-afc8-61d9ecb65b99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=27d-**v ]Ɋ& A!Xv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=04479b2a-8096-45e1-afc8-61d9ecb65b99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=C**w ]Ɋ& =!Xw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=04479b2a-8096-45e1-afc8-61d9ecb65b99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **x ]Ɋ& 5!Xx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=04479b2a-8096-45e1-afc8-61d9ecb65b99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**y ]Ɋ& 5!Xy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=04479b2a-8096-45e1-afc8-61d9ecb65b99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!**z ]Ɋ& 7!Xz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=04479b2a-8096-45e1-afc8-61d9ecb65b99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**0{ ]Ɋ& !{ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=04479b2a-8096-45e1-afc8-61d9ecb65b99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a6b76a96-ddd1-4418-b542-7a519381a3fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a0**@|} ]Ɋ& !}| F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=04479b2a-8096-45e1-afc8-61d9ecb65b99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a6b76a96-ddd1-4418-b542-7a519381a3fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e |@**X} ]Ɋ& !X} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5de971a3-ff3e-454f-8b31-d5e681e093f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pdaX**p~ ]Ɋ& !X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5de971a3-ff3e-454f-8b31-d5e681e093f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nEnp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5de971a3-ff3e-454f-8b31-d5e681e093f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5de971a3-ff3e-454f-8b31-d5e681e093f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5de971a3-ff3e-454f-8b31-d5e681e093f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5de971a3-ff3e-454f-8b31-d5e681e093f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ruh** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5de971a3-ff3e-454f-8b31-d5e681e093f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c35b9b87-5b06-446a-b20f-ca7c173c6f45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pipe** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5de971a3-ff3e-454f-8b31-d5e681e093f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c35b9b87-5b06-446a-b20f-ca7c173c6f45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**8 ]Ɋ& !X F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e83e022a-0621-40ad-a9d6-984a552235cb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**P ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e83e022a-0621-40ad-a9d6-984a552235cb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=unP**P ]Ɋ& !X F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e83e022a-0621-40ad-a9d6-984a552235cb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gineP**H ]Ɋ& !X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e83e022a-0621-40ad-a9d6-984a552235cb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 65H**H ]Ɋ& !X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e83e022a-0621-40ad-a9d6-984a552235cb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StriH**H ]Ɋ& !X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e83e022a-0621-40ad-a9d6-984a552235cb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oluH** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e83e022a-0621-40ad-a9d6-984a552235cb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1215cbfe-bc63-48b4-887d-2740c490b068 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=553**F ]Ɋ& !F F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e83e022a-0621-40ad-a9d6-984a552235cb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1215cbfe-bc63-48b4-887d-2740c490b068 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**XF ]Ɋ& !XF F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3589bb3e-b8fe-4e5b-af28-158071ef6c64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arseX**pF ]Ɋ& !XF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3589bb3e-b8fe-4e5b-af28-158071ef6c64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**hF ]Ɋ& !XF F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3589bb3e-b8fe-4e5b-af28-158071ef6c64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eqh**`F ]Ɋ& !XF F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3589bb3e-b8fe-4e5b-af28-158071ef6c64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`F ]Ɋ& !XF F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3589bb3e-b8fe-4e5b-af28-158071ef6c64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri`**`F ]Ɋ& !XF F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3589bb3e-b8fe-4e5b-af28-158071ef6c64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`ElfChnk`χ1Mu=VysMc&&**F ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !F F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3589bb3e-b8fe-4e5b-af28-158071ef6c64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=820045aa-8d99-419c-b60d-ac7d897995b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**F ]Ɋ& !F F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3589bb3e-b8fe-4e5b-af28-158071ef6c64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=820045aa-8d99-419c-b60d-ac7d897995b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 **(F ]Ɋ& !XF F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a075f43a-6097-4dc7-be6b-96b32c77f411 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@F ]Ɋ& !XF F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a075f43a-6097-4dc7-be6b-96b32c77f411 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@F ]Ɋ& !XF F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a075f43a-6097-4dc7-be6b-96b32c77f411 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | @**8F ]Ɋ& !XF F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a075f43a-6097-4dc7-be6b-96b32c77f411 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Se8**8F ]Ɋ& !XF F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a075f43a-6097-4dc7-be6b-96b32c77f411 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS8**8F ]Ɋ& !XF F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a075f43a-6097-4dc7-be6b-96b32c77f411 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H8**F ]Ɋ& !F F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a075f43a-6097-4dc7-be6b-96b32c77f411 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d94e9630-588c-4901-bb5a-9d6757c2d2d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si**s߈ ]Ɋ& !s߈ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a075f43a-6097-4dc7-be6b-96b32c77f411 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d94e9630-588c-4901-bb5a-9d6757c2d2d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obal**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2ecce1e0-d796-45d0-b284-458a55aa4203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2ecce1e0-d796-45d0-b284-458a55aa4203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.p**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2ecce1e0-d796-45d0-b284-458a55aa4203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e.pp**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2ecce1e0-d796-45d0-b284-458a55aa4203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n.Ch**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2ecce1e0-d796-45d0-b284-458a55aa4203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=655h**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2ecce1e0-d796-45d0-b284-458a55aa4203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pah** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2ecce1e0-d796-45d0-b284-458a55aa4203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1764ba38-d81d-41e6-8595-5ea12d5b07c9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**7 ]Ɋ& !7 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2ecce1e0-d796-45d0-b284-458a55aa4203 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1764ba38-d81d-41e6-8595-5ea12d5b07c9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**7 ]Ɋ& '!X7 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d77da5e0-7132-49ac-9ae8-90aa3dac222e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**7 ]Ɋ& ?!X7 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d77da5e0-7132-49ac-9ae8-90aa3dac222e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**7 ]Ɋ& ;!X7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d77da5e0-7132-49ac-9ae8-90aa3dac222e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**7 ]Ɋ& 3!X7 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d77da5e0-7132-49ac-9ae8-90aa3dac222e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ati**7 ]Ɋ& 3!X7 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d77da5e0-7132-49ac-9ae8-90aa3dac222e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**7 ]Ɋ& 5!X7 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d77da5e0-7132-49ac-9ae8-90aa3dac222e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**07 ]Ɋ& !7 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d77da5e0-7132-49ac-9ae8-90aa3dac222e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fb9ff7ff-c765-4ecc-953d-ffbf0d0a5aac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@A ]Ɋ& !A F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d77da5e0-7132-49ac-9ae8-90aa3dac222e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fb9ff7ff-c765-4ecc-953d-ffbf0d0a5aac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stri@**eJ ]Ɋ& )!XeJ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=893593c3-2477-4750-8a51-da59bbb53752 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tanc**eJ ]Ɋ& A!XeJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=893593c3-2477-4750-8a51-da59bbb53752 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e-45**eJ ]Ɋ& =!XeJ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=893593c3-2477-4750-8a51-da59bbb53752 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **eJ ]Ɋ& 5!XeJ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=893593c3-2477-4750-8a51-da59bbb53752 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**eJ ]Ɋ& 5!XeJ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=893593c3-2477-4750-8a51-da59bbb53752 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**eJ ]Ɋ& 7!XeJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=893593c3-2477-4750-8a51-da59bbb53752 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0eJ ]Ɋ& !eJ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=893593c3-2477-4750-8a51-da59bbb53752 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=36404125-c6ee-4c42-b4a4-6ccfdbd94161 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m0**@AfJ ]Ɋ& !AfJ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=893593c3-2477-4750-8a51-da59bbb53752 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=36404125-c6ee-4c42-b4a4-6ccfdbd94161 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P@**XAfJ ]Ɋ& !XAfJ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f7e9d100-cc60-4dd4-b901-428f1ccf7317 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0X**pAfJ ]Ɋ& !XAfJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f7e9d100-cc60-4dd4-b901-428f1ccf7317 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=inep**hAfJ ]Ɋ& !XAfJ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f7e9d100-cc60-4dd4-b901-428f1ccf7317 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Rh**`AfJ ]Ɋ& !XAfJ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f7e9d100-cc60-4dd4-b901-428f1ccf7317 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`AfJ ]Ɋ& !XAfJ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f7e9d100-cc60-4dd4-b901-428f1ccf7317 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I`**hAfJ ]Ɋ& !XAfJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f7e9d100-cc60-4dd4-b901-428f1ccf7317 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nameh**AfJ ]Ɋ&  !AfJ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f7e9d100-cc60-4dd4-b901-428f1ccf7317 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6ff93420-5880-4c42-98dd-28a29705d253 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand**AfJ ]Ɋ& !AfJ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f7e9d100-cc60-4dd4-b901-428f1ccf7317 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6ff93420-5880-4c42-98dd-28a29705d253 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**81fJ ]Ɋ& !X1fJ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=41af8140-4a30-4b28-bae5-ff05ff814910 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sc8**P1fJ ]Ɋ& !X1fJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=41af8140-4a30-4b28-bae5-ff05ff814910 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P1fJ ]Ɋ& !X1fJ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=41af8140-4a30-4b28-bae5-ff05ff814910 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== P**H1fJ ]Ɋ& !X1fJ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=41af8140-4a30-4b28-bae5-ff05ff814910 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eId=H**H1fJ ]Ɋ& !X1fJ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=41af8140-4a30-4b28-bae5-ff05ff814910 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d= H**H1fJ ]Ɋ& !X1fJ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=41af8140-4a30-4b28-bae5-ff05ff814910 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RH**1fJ ]Ɋ& !1fJ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=41af8140-4a30-4b28-bae5-ff05ff814910 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=323c1376-c700-457e-ad79-dd9a6a292cd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= mmandName=  ]Ɋ& CommandPath= Comm1fJElfChnkHIJ *Mu=VysMc&&**1fJ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !1fJ F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=41af8140-4a30-4b28-bae5-ff05ff814910 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=323c1376-c700-457e-ad79-dd9a6a292cd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**X1fJ ]Ɋ& !X1fJ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9f8f469f-3e9e-405f-950f-6c3502afed98 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**p1fJ ]Ɋ& !X1fJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9f8f469f-3e9e-405f-950f-6c3502afed98 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**h1fJ ]Ɋ& !X1fJ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9f8f469f-3e9e-405f-950f-6c3502afed98 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`1fJ ]Ɋ& !X1fJ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9f8f469f-3e9e-405f-950f-6c3502afed98 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`1fJ ]Ɋ& !X1fJ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9f8f469f-3e9e-405f-950f-6c3502afed98 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`1fJ ]Ɋ& !X1fJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9f8f469f-3e9e-405f-950f-6c3502afed98 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**1fJ ]Ɋ& !1fJ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9f8f469f-3e9e-405f-950f-6c3502afed98 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=59531b41-6d01-4e7f-a9d0-25027de7fddc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**1fJ ]Ɋ& !1fJ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9f8f469f-3e9e-405f-950f-6c3502afed98 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=59531b41-6d01-4e7f-a9d0-25027de7fddc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(1fJ ]Ɋ& !X1fJ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=39cc7de7-fa6f-4148-83e1-9b32ddc76144 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2(**@1fJ ]Ɋ& !X1fJ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=39cc7de7-fa6f-4148-83e1-9b32ddc76144 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@1fJ ]Ɋ& !X1fJ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=39cc7de7-fa6f-4148-83e1-9b32ddc76144 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8rgJ ]Ɋ& !XrgJ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=39cc7de7-fa6f-4148-83e1-9b32ddc76144 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8rgJ ]Ɋ& !XrgJ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=39cc7de7-fa6f-4148-83e1-9b32ddc76144 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8rgJ ]Ɋ& !XrgJ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=39cc7de7-fa6f-4148-83e1-9b32ddc76144 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**rgJ ]Ɋ& !rgJ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=39cc7de7-fa6f-4148-83e1-9b32ddc76144 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2f30268c-ee83-477b-90ba-8e9225fb3f5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **^ hJ ]Ɋ& !^ hJ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=39cc7de7-fa6f-4148-83e1-9b32ddc76144 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2f30268c-ee83-477b-90ba-8e9225fb3f5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**XhJ ]Ɋ& !XhJ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a48868ca-60f6-46b0-9a7c-15098cf2d246 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**phJ ]Ɋ& !XhJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a48868ca-60f6-46b0-9a7c-15098cf2d246 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**phJ ]Ɋ& !XhJ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a48868ca-60f6-46b0-9a7c-15098cf2d246 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**hhJ ]Ɋ& !XhJ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a48868ca-60f6-46b0-9a7c-15098cf2d246 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**hhJ ]Ɋ& !XhJ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a48868ca-60f6-46b0-9a7c-15098cf2d246 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**hhJ ]Ɋ& !XhJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a48868ca-60f6-46b0-9a7c-15098cf2d246 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**hJ ]Ɋ&  !hJ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a48868ca-60f6-46b0-9a7c-15098cf2d246 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a6a1f01b-2c71-46da-bac3-f7608b752437 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=804eaab3-686a-41b3-b110-233cce355952 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ce137084-53b5-4369-b70e-d705ba816d13 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8M ]Ɋ& !XM F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0cb9d805-4161-42aa-8018-78fb8a50e826 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=om8**PM ]Ɋ& !XM F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0cb9d805-4161-42aa-8018-78fb8a50e826 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**PM ]Ɋ& !XM F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0cb9d805-4161-42aa-8018-78fb8a50e826 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaP**HM ]Ɋ& !XM F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0cb9d805-4161-42aa-8018-78fb8a50e826 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iptNH**HM ]Ɋ& !XM F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0cb9d805-4161-42aa-8018-78fb8a50e826 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTypH**HM ]Ɋ& !XM F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0cb9d805-4161-42aa-8018-78fb8a50e826 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**M ]Ɋ& !M F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0cb9d805-4161-42aa-8018-78fb8a50e826 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2a112ac4-0390-4abd-a927-b0c6acd93d02 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **M ]Ɋ& !M F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0cb9d805-4161-42aa-8018-78fb8a50e826 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2a112ac4-0390-4abd-a927-b0c6acd93d02 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XN ]Ɋ& !XN F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=17ef4c4b-1fd2-4691-ac88-0cf578f2e4b2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulX**pN ]Ɋ& !XN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=17ef4c4b-1fd2-4691-ac88-0cf578f2e4b2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={ [p**hN ]Ɋ& !XN F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=17ef4c4b-1fd2-4691-ac88-0cf578f2e4b2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3eh**`N ]Ɋ& !XN F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=17ef4c4b-1fd2-4691-ac88-0cf578f2e4b2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rS`**`N ]Ɋ& !XN F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=17ef4c4b-1fd2-4691-ac88-0cf578f2e4b2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`N ]Ɋ& !XN F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=17ef4c4b-1fd2-4691-ac88-0cf578f2e4b2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**N ]Ɋ& !N F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=17ef4c4b-1fd2-4691-ac88-0cf578f2e4b2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bf95c722-24b5-4243-b71b-794ed6bc8b57 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-**N ]Ɋ& !N F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=17ef4c4b-1fd2-4691-ac88-0cf578f2e4b2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bf95c722-24b5-4243-b71b-794ed6bc8b57 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ure**(N ]Ɋ& !XN F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a7e86bc7-ab53-4fc0-98af-74f4a25f54c7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v(**@N ]Ɋ& !XN F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a7e86bc7-ab53-4fc0-98af-74f4a25f54c7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=K@**@N ]Ɋ& !XN F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a7e86bc7-ab53-4fc0-98af-74f4a25f54c7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=@**8N ]Ɋ& !XN F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a7e86bc7-ab53-4fc0-98af-74f4a25f54c7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F8**8 N ]Ɋ& !XN  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a7e86bc7-ab53-4fc0-98af-74f4a25f54c7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam8**8 N ]Ɋ& !XN  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a7e86bc7-ab53-4fc0-98af-74f4a25f54c7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Gl8** N ]Ɋ& !N  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a7e86bc7-ab53-4fc0-98af-74f4a25f54c7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b5bb9c06-08c7-4102-b2ca-a956033220ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er** NO ]Ɋ& !NO  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a7e86bc7-ab53-4fc0-98af-74f4a25f54c7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b5bb9c06-08c7-4102-b2ca-a956033220ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tall**X Q ]Ɋ& !X Q  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1f2f2567-0648-4d61-bb77-acdb3c379133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\X**p Q ]Ɋ& !X Q F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1f2f2567-0648-4d61-bb77-acdb3c379133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\p**p Q ]Ɋ& !X Q F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1f2f2567-0648-4d61-bb77-acdb3c379133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=help**h Q ]Ɋ& !X Q F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1f2f2567-0648-4d61-bb77-acdb3c379133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ct h**h Q ]Ɋ& !X Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1f2f2567-0648-4d61-bb77-acdb3c379133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n';h**h Q ]Ɋ& !X Q F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1f2f2567-0648-4d61-bb77-acdb3c379133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=([h** Q ]Ɋ&  ! Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1f2f2567-0648-4d61-bb77-acdb3c379133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3c4f3848-2104-4692-a988-5445f664e550 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta**IR ]Ɋ& !IR F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1f2f2567-0648-4d61-bb77-acdb3c379133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3c4f3848-2104-4692-a988-5445f664e550 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omma**9R ]Ɋ& '!X9R F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=52ff49b1-d474-4b71-8c18-0770358f114e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**9R ]Ɋ& ?!X9R F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=52ff49b1-d474-4b71-8c18-0770358f114e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5**9R ]Ɋ& ;!X9R F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=52ff49b1-d474-4b71-8c18-0770358f114e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt **9R ]Ɋ& 3!X9R F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=52ff49b1-d474-4b71-8c18-0770358f114e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=**9R ]Ɋ& 3!X9R F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=52ff49b1-d474-4b71-8c18-0770358f114e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**9R ]Ɋ& 5!X9R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=52ff49b1-d474-4b71-8c18-0770358f114e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **09R ]Ɋ& !9R F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=52ff49b1-d474-4b71-8c18-0770358f114e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8f95c6e2-2d35-4d57-a4e4-e2e2d2daba1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@zS ]Ɋ& !zS F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=52ff49b1-d474-4b71-8c18-0770358f114e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8f95c6e2-2d35-4d57-a4e4-e2e2d2daba1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w@**=$, ]Ɋ& )!X=$, F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=721ac5a7-7ee3-415f-836c-9ac4a5f588b3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nter**=$, ]Ɋ& A!X=$, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=721ac5a7-7ee3-415f-836c-9ac4a5f588b3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lica**=$, ]Ɋ& =!X=$, F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=721ac5a7-7ee3-415f-836c-9ac4a5f588b3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0** =$, ]Ɋ& 5!X=$,  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=721ac5a7-7ee3-415f-836c-9ac4a5f588b3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**!=$, ]Ɋ& 5!X=$,! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=721ac5a7-7ee3-415f-836c-9ac4a5f588b3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Va**"=$, ]Ɋ& 7!X=$," F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=721ac5a7-7ee3-415f-836c-9ac4a5f588b3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0#=$, ]Ɋ& !=$,# F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=721ac5a7-7ee3-415f-836c-9ac4a5f588b3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a61a4d90-42d9-4d3a-8239-a8a79f611c14 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@$Ӽ, ]Ɋ& !Ӽ,$ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=721ac5a7-7ee3-415f-836c-9ac4a5f588b3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a61a4d90-42d9-4d3a-8239-a8a79f611c14 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5ba@6d13 Pipel ]Ɋ& meXjU-% F&e=ElfChnk%T%THezMu=VysMc&&**X%jU- ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ;!XjU-% F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5dc773c5-671b-4d91-987b-a4a2e2d9f095 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p&jU- ]Ɋ& !XjU-& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5dc773c5-671b-4d91-987b-a4a2e2d9f095 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**h'jU- ]Ɋ& !XjU-' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5dc773c5-671b-4d91-987b-a4a2e2d9f095 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`(jU- ]Ɋ& !XjU-( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5dc773c5-671b-4d91-987b-a4a2e2d9f095 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`)jU- ]Ɋ& !XjU-) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5dc773c5-671b-4d91-987b-a4a2e2d9f095 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h*jU- ]Ɋ& !XjU-* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5dc773c5-671b-4d91-987b-a4a2e2d9f095 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h**+jU- ]Ɋ&  !jU-+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5dc773c5-671b-4d91-987b-a4a2e2d9f095 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6249ddb0-fac9-42b0-b440-ce0bd8c050e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M**,jU- ]Ɋ& !jU-, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5dc773c5-671b-4d91-987b-a4a2e2d9f095 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6249ddb0-fac9-42b0-b440-ce0bd8c050e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8-- ]Ɋ& !X-- F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1f21eff3-634e-4f72-9680-764f5caf1511 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P.- ]Ɋ& !X-. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1f21eff3-634e-4f72-9680-764f5caf1511 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P/- ]Ɋ& !X-/ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1f21eff3-634e-4f72-9680-764f5caf1511 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H0- ]Ɋ& !X-0 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1f21eff3-634e-4f72-9680-764f5caf1511 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H1- ]Ɋ& !X-1 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1f21eff3-634e-4f72-9680-764f5caf1511 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=H**H2- ]Ɋ& !X-2 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1f21eff3-634e-4f72-9680-764f5caf1511 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**3- ]Ɋ& !-3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1f21eff3-634e-4f72-9680-764f5caf1511 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=615da138-d952-411a-8682-385d602acce0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**4- ]Ɋ& !-4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1f21eff3-634e-4f72-9680-764f5caf1511 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=615da138-d952-411a-8682-385d602acce0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X5. ]Ɋ& !X.5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ca941a97-d42d-4294-a920-d6af9efda50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p6. ]Ɋ& !X.6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ca941a97-d42d-4294-a920-d6af9efda50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**h7. ]Ɋ& !X.7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ca941a97-d42d-4294-a920-d6af9efda50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`8. ]Ɋ& !X.8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ca941a97-d42d-4294-a920-d6af9efda50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`9. ]Ɋ& !X.9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ca941a97-d42d-4294-a920-d6af9efda50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`:. ]Ɋ& !X.: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ca941a97-d42d-4294-a920-d6af9efda50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**;. ]Ɋ& !.; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ca941a97-d42d-4294-a920-d6af9efda50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=56646a20-77db-4e39-9256-3d6f55dce0a2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**<. ]Ɋ& !.< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ca941a97-d42d-4294-a920-d6af9efda50a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=56646a20-77db-4e39-9256-3d6f55dce0a2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(=-/ ]Ɋ& !X-/= F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a214aa25-d88f-4835-830c-7badcf334f92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@>-/ ]Ɋ& !X-/> F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a214aa25-d88f-4835-830c-7badcf334f92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b@**@?-/ ]Ɋ& !X-/? F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a214aa25-d88f-4835-830c-7badcf334f92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8@-/ ]Ɋ& !X-/@ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a214aa25-d88f-4835-830c-7badcf334f92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8A-/ ]Ɋ& !X-/A F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a214aa25-d88f-4835-830c-7badcf334f92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==1f8**8B-/ ]Ɋ& !X-/B F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a214aa25-d88f-4835-830c-7badcf334f92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**C-/ ]Ɋ& !-/C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a214aa25-d88f-4835-830c-7badcf334f92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8f30764d-3a8b-44e3-b7fb-fedb54b2dce9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**Dķ/ ]Ɋ& !ķ/D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a214aa25-d88f-4835-830c-7badcf334f92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8f30764d-3a8b-44e3-b7fb-fedb54b2dce9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**XE0 ]Ɋ& !X0E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=97af5cf6-7b54-4738-aee3-9111ea342f32 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**pF0 ]Ɋ& !X0F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=97af5cf6-7b54-4738-aee3-9111ea342f32 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**pG0 ]Ɋ& !X0G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=97af5cf6-7b54-4738-aee3-9111ea342f32 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**hH0 ]Ɋ& !X0H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=97af5cf6-7b54-4738-aee3-9111ea342f32 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**hI0 ]Ɋ& !X0I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=97af5cf6-7b54-4738-aee3-9111ea342f32 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hJ0 ]Ɋ& !X0J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=97af5cf6-7b54-4738-aee3-9111ea342f32 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**K0 ]Ɋ&  !0K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=97af5cf6-7b54-4738-aee3-9111ea342f32 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=45ebdb47-6cee-4432-bf2b-2f27254728a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**L2 ]Ɋ& !2L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=97af5cf6-7b54-4738-aee3-9111ea342f32 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=45ebdb47-6cee-4432-bf2b-2f27254728a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **M2 ]Ɋ& '!X2M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ce8839bd-141c-479b-9d92-fa817a1d4581 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**N2 ]Ɋ& ?!X2N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ce8839bd-141c-479b-9d92-fa817a1d4581 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**O2 ]Ɋ& ;!X2O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ce8839bd-141c-479b-9d92-fa817a1d4581 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**P2 ]Ɋ& 3!X2P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ce8839bd-141c-479b-9d92-fa817a1d4581 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**Q2 ]Ɋ& 3!X2Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ce8839bd-141c-479b-9d92-fa817a1d4581 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**R2 ]Ɋ& 5!X2R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ce8839bd-141c-479b-9d92-fa817a1d4581 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0S2 ]Ɋ& !2S F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ce8839bd-141c-479b-9d92-fa817a1d4581 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=22461292-a3b5-40a0-bcdc-88dc4c59304a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@T2 ]Ɋ& !2T F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ce8839bd-141c-479b-9d92-fa817a1d4581 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=22461292-a3b5-40a0-bcdc-88dc4c59304a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4 @pelineId=  ]Ɋ& maX\U F&6d13 Pipel ]Ɋ& meXjU-% F&e=ElfChnkUUhPN3q9^uMu=VysMc&&**U\ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X\U F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ad621d83-087c-4076-b5cc-03f0270fd00b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**V\ ]Ɋ& A!X\V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ad621d83-087c-4076-b5cc-03f0270fd00b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**W\ ]Ɋ& =!X\W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ad621d83-087c-4076-b5cc-03f0270fd00b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**X\ ]Ɋ& 5!X\X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ad621d83-087c-4076-b5cc-03f0270fd00b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **Y\ ]Ɋ& 5!X\Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ad621d83-087c-4076-b5cc-03f0270fd00b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5d**Z\ ]Ɋ& 7!X\Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ad621d83-087c-4076-b5cc-03f0270fd00b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c**0[\ ]Ɋ& !\[ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ad621d83-087c-4076-b5cc-03f0270fd00b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=25b17776-d6f5-4898-bcbf-e2a2e1c01b09 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@\\ ]Ɋ& !\\ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ad621d83-087c-4076-b5cc-03f0270fd00b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=25b17776-d6f5-4898-bcbf-e2a2e1c01b09 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F@**X]%\ ]Ɋ& !X%\] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c9f0e9a8-0fe5-42c8-a14c-31b3076dd519 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p^%\ ]Ɋ& !X%\^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c9f0e9a8-0fe5-42c8-a14c-31b3076dd519 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!p**h_%\ ]Ɋ& !X%\_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c9f0e9a8-0fe5-42c8-a14c-31b3076dd519 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**``%\ ]Ɋ& !X%\` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c9f0e9a8-0fe5-42c8-a14c-31b3076dd519 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`a%\ ]Ɋ& !X%\a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c9f0e9a8-0fe5-42c8-a14c-31b3076dd519 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hb%\ ]Ɋ& !X%\b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c9f0e9a8-0fe5-42c8-a14c-31b3076dd519 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tarth**c%\ ]Ɋ&  !%\c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c9f0e9a8-0fe5-42c8-a14c-31b3076dd519 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3cce4c17-856f-41cf-9026-14853245743a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **d%\ ]Ɋ& !%\d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c9f0e9a8-0fe5-42c8-a14c-31b3076dd519 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3cce4c17-856f-41cf-9026-14853245743a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mb**8e%\ ]Ɋ& !X%\e F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b6baaf12-36b8-498b-97d2-4419bda90c43 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne8**Pf%\ ]Ɋ& !X%\f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b6baaf12-36b8-498b-97d2-4419bda90c43 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=P**Pg%\ ]Ɋ& !X%\g F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b6baaf12-36b8-498b-97d2-4419bda90c43 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtedP**Hh%\ ]Ɋ& !X%\h F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b6baaf12-36b8-498b-97d2-4419bda90c43 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FuH**Hi%\ ]Ɋ& !X%\i F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b6baaf12-36b8-498b-97d2-4419bda90c43 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**Hj%\ ]Ɋ& !X%\j F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b6baaf12-36b8-498b-97d2-4419bda90c43 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**k%\ ]Ɋ& !%\k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b6baaf12-36b8-498b-97d2-4419bda90c43 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e53e9b4-7cf8-453c-b210-124a2c124346 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**l\ ]Ɋ& !\l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b6baaf12-36b8-498b-97d2-4419bda90c43 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e53e9b4-7cf8-453c-b210-124a2c124346 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xm\ ]Ɋ& !X\m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=67721527-6c84-4814-852c-99b51acf12b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pn\ ]Ɋ& !X\n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=67721527-6c84-4814-852c-99b51acf12b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe= p**ho\ ]Ɋ& !X\o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=67721527-6c84-4814-852c-99b51acf12b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`p\ ]Ɋ& !X\p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=67721527-6c84-4814-852c-99b51acf12b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt`**`q\ ]Ɋ& !X\q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=67721527-6c84-4814-852c-99b51acf12b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`r\ ]Ɋ& !X\r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=67721527-6c84-4814-852c-99b51acf12b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**s\ ]Ɋ& !\s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=67721527-6c84-4814-852c-99b51acf12b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=50c1478f-ac8a-4280-b431-60bea8901268 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **t\ ]Ɋ& !\t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=67721527-6c84-4814-852c-99b51acf12b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=50c1478f-ac8a-4280-b431-60bea8901268 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(u\ ]Ɋ& !X\u F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a50bfb13-aee1-4866-a536-10f8901b3fa5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@v\ ]Ɋ& !X\v F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a50bfb13-aee1-4866-a536-10f8901b3fa5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@w\ ]Ɋ& !X\w F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a50bfb13-aee1-4866-a536-10f8901b3fa5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o('@**8x\ ]Ɋ& !X\x F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a50bfb13-aee1-4866-a536-10f8901b3fa5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayV8**8y\ ]Ɋ& !X\y F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a50bfb13-aee1-4866-a536-10f8901b3fa5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8z\ ]Ɋ& !X\z F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a50bfb13-aee1-4866-a536-10f8901b3fa5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um8**{\ ]Ɋ& !\{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a50bfb13-aee1-4866-a536-10f8901b3fa5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8980480d-dff2-442a-8e61-d31da8557adc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|\ ]Ɋ& !\| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a50bfb13-aee1-4866-a536-10f8901b3fa5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8980480d-dff2-442a-8e61-d31da8557adc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= **X}\ ]Ɋ& !X\} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1a35886e-255e-4b31-9c98-8782b4391dcb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rX**p~\ ]Ɋ& !X\~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1a35886e-255e-4b31-9c98-8782b4391dcb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**p\ ]Ɋ& !X\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1a35886e-255e-4b31-9c98-8782b4391dcb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b47p**h\ ]Ɋ& !X\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1a35886e-255e-4b31-9c98-8782b4391dcb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**h\ ]Ɋ& !X\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1a35886e-255e-4b31-9c98-8782b4391dcb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h\ ]Ɋ& !X\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1a35886e-255e-4b31-9c98-8782b4391dcb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ph**\ ]Ɋ&  !\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1a35886e-255e-4b31-9c98-8782b4391dcb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b474f69e-05a4-430e-ada3-034d8e75e92a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **\ ]Ɋ& !\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1a35886e-255e-4b31-9c98-8782b4391dcb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b474f69e-05a4-430e-ada3-034d8e75e92a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hell**\ ]Ɋ& '!X\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b402b398-890b-4de1-bfa3-9481d88e5b81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**\ ]Ɋ& ?!X\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b402b398-890b-4de1-bfa3-9481d88e5b81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-9b-9d92-fa81 ]Ɋ& reX\ F&ame . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=22461292-a3b5-40a0-bcdc-88dc4c59304a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4 @pelineId=  ]Ɋ& maX\U F&6d13 Pipel ]Ɋ& meXjU-% F&e=ElfChnk@W%Mu=VysMc&&** \ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X\ F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b402b398-890b-4de1-bfa3-9481d88e5b81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **\ ]Ɋ& 3!X\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b402b398-890b-4de1-bfa3-9481d88e5b81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**\ ]Ɋ& 3!X\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b402b398-890b-4de1-bfa3-9481d88e5b81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=027**\ ]Ɋ& 5!X\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b402b398-890b-4de1-bfa3-9481d88e5b81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0\ ]Ɋ& !\ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b402b398-890b-4de1-bfa3-9481d88e5b81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=36f65a9e-d2eb-44fc-9dd6-35f2f88febd8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@ݷ\ ]Ɋ& !ݷ\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b402b398-890b-4de1-bfa3-9481d88e5b81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=36f65a9e-d2eb-44fc-9dd6-35f2f88febd8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com@**g ]Ɋ& )!Xg F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=23e27a85-1ca1-44b3-acc2-026773117892 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **g ]Ɋ& A!Xg F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=23e27a85-1ca1-44b3-acc2-026773117892 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tSta**g ]Ɋ& =!Xg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=23e27a85-1ca1-44b3-acc2-026773117892 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**g ]Ɋ& 5!Xg F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=23e27a85-1ca1-44b3-acc2-026773117892 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**g ]Ɋ& 5!Xg F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=23e27a85-1ca1-44b3-acc2-026773117892 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ve**g ]Ɋ& 7!Xg F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=23e27a85-1ca1-44b3-acc2-026773117892 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**0g ]Ɋ& !g F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=23e27a85-1ca1-44b3-acc2-026773117892 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eb7258c1-2338-4f73-80fc-ac8567fc1f9e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@3 ]Ɋ& !3 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=23e27a85-1ca1-44b3-acc2-026773117892 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eb7258c1-2338-4f73-80fc-ac8567fc1f9e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**X̲ ]Ɋ& !X̲ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5286ac2c-5d83-47df-8697-925cf0f89599 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p̲ ]Ɋ& !X̲ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5286ac2c-5d83-47df-8697-925cf0f89599 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h̲ ]Ɋ& !X̲ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5286ac2c-5d83-47df-8697-925cf0f89599 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`̲ ]Ɋ& !X̲ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5286ac2c-5d83-47df-8697-925cf0f89599 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`̲ ]Ɋ& !X̲ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5286ac2c-5d83-47df-8697-925cf0f89599 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h̲ ]Ɋ& !X̲ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5286ac2c-5d83-47df-8697-925cf0f89599 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ailah**̲ ]Ɋ&  !̲ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5286ac2c-5d83-47df-8697-925cf0f89599 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6cc3cae0-5ae1-4486-b918-8919a7026220 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= New**̲ ]Ɋ& !̲ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5286ac2c-5d83-47df-8697-925cf0f89599 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6cc3cae0-5ae1-4486-b918-8919a7026220 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne**8̲ ]Ɋ& !X̲ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=89d616e4-79a8-4919-a367-2fb376d7227c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P8**P̲ ]Ɋ& !X̲ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=89d616e4-79a8-4919-a367-2fb376d7227c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=SyP**P̲ ]Ɋ& !X̲ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=89d616e4-79a8-4919-a367-2fb376d7227c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**H̲ ]Ɋ& !X̲ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=89d616e4-79a8-4919-a367-2fb376d7227c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=qH**H̲ ]Ɋ& !X̲ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=89d616e4-79a8-4919-a367-2fb376d7227c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=XH**H̲ ]Ɋ& !X̲ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=89d616e4-79a8-4919-a367-2fb376d7227c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**̲ ]Ɋ& !̲ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=89d616e4-79a8-4919-a367-2fb376d7227c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=29359d05-949d-4e47-95cd-4d8740114ff8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**+e ]Ɋ& !+e F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=89d616e4-79a8-4919-a367-2fb376d7227c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=29359d05-949d-4e47-95cd-4d8740114ff8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X+e ]Ɋ& !X+e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cfee2f59-a3aa-4212-aefd-44149a457d9f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p+e ]Ɋ& !X+e F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cfee2f59-a3aa-4212-aefd-44149a457d9f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**h+e ]Ɋ& !X+e F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cfee2f59-a3aa-4212-aefd-44149a457d9f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arh**`+e ]Ɋ& !X+e F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cfee2f59-a3aa-4212-aefd-44149a457d9f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3f`**`+e ]Ɋ& !X+e F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cfee2f59-a3aa-4212-aefd-44149a457d9f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed`**`+e ]Ɋ& !X+e F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cfee2f59-a3aa-4212-aefd-44149a457d9f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**+e ]Ɋ& !+e F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cfee2f59-a3aa-4212-aefd-44149a457d9f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d06d0716-1aa4-4585-8aac-afccd2c54078 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**+e ]Ɋ& !+e F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cfee2f59-a3aa-4212-aefd-44149a457d9f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d06d0716-1aa4-4585-8aac-afccd2c54078 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=42a**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9c9b25d6-7776-4f43-99a5-97e70cf6f6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9c9b25d6-7776-4f43-99a5-97e70cf6f6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9c9b25d6-7776-4f43-99a5-97e70cf6f6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ows@**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9c9b25d6-7776-4f43-99a5-97e70cf6f6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nso8**8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9c9b25d6-7776-4f43-99a5-97e70cf6f6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9c9b25d6-7776-4f43-99a5-97e70cf6f6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pa8** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9c9b25d6-7776-4f43-99a5-97e70cf6f6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b7c1fc5d-59a2-473c-ae70-d75efbd819ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**X ]Ɋ& !X F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9c9b25d6-7776-4f43-99a5-97e70cf6f6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b7c1fc5d-59a2-473c-ae70-d75efbd819ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sher**Xǵ ]Ɋ& !Xǵ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f615f860-1ecb-4eed-9da7-19469d639e87 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pǵ ]Ɋ& !Xǵ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f615f860-1ecb-4eed-9da7-19469d639e87 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**pǵ ]Ɋ& !Xǵ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f615f860-1ecb-4eed-9da7-19469d639e87 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insp**hǵ ]Ɋ& !Xǵ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f615f860-1ecb-4eed-9da7-19469d639e87 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edoh**hǵ ]Ɋ& !Xǵ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f615f860-1ecb-4eed-9da7-19469d639e87 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= hɊ& ]Ɋ& Xǵ F&]Ɋ& meXjU-% F&e=ElfChnkH>;Mu=VysMc&&**p ǵ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!Xǵ F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f615f860-1ecb-4eed-9da7-19469d639e87 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Xp **ǵ ]Ɋ&  !ǵ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f615f860-1ecb-4eed-9da7-19469d639e87 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=62ee7041-cf23-420f-84ec-3b1b2ccb179d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc**` ]Ɋ& !` F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f615f860-1ecb-4eed-9da7-19469d639e87 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=62ee7041-cf23-420f-84ec-3b1b2ccb179d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=atio**` ]Ɋ& '!X` F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a1538b78-e690-4413-aba8-ebca4174ac4d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=A**` ]Ɋ& ?!X` F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a1538b78-e690-4413-aba8-ebca4174ac4d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4**` ]Ɋ& ;!X` F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a1538b78-e690-4413-aba8-ebca4174ac4d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost**` ]Ɋ& 3!X` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a1538b78-e690-4413-aba8-ebca4174ac4d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**` ]Ɋ& 3!X` F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a1538b78-e690-4413-aba8-ebca4174ac4d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t **` ]Ɋ& 5!X` F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a1538b78-e690-4413-aba8-ebca4174ac4d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0` ]Ɋ& !` F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a1538b78-e690-4413-aba8-ebca4174ac4d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ee1f746f-b18d-4912-bed9-19877253dbca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=670**@H ]Ɋ& !H F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a1538b78-e690-4413-aba8-ebca4174ac4d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ee1f746f-b18d-4912-bed9-19877253dbca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**y# ]Ɋ& )!Xy# F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7548cf53-224b-4ef9-a9ab-44e6c7599573 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**y# ]Ɋ& A!Xy# F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7548cf53-224b-4ef9-a9ab-44e6c7599573 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**y# ]Ɋ& =!Xy# F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7548cf53-224b-4ef9-a9ab-44e6c7599573 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la**y# ]Ɋ& 5!Xy# F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7548cf53-224b-4ef9-a9ab-44e6c7599573 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**y# ]Ɋ& 5!Xy# F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7548cf53-224b-4ef9-a9ab-44e6c7599573 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**y# ]Ɋ& 7!Xy# F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7548cf53-224b-4ef9-a9ab-44e6c7599573 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**09# ]Ɋ& !9# F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7548cf53-224b-4ef9-a9ab-44e6c7599573 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=380b7ede-b36a-4ecf-b8a4-2831a340b3b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b0**@Ъ# ]Ɋ& !Ъ# F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7548cf53-224b-4ef9-a9ab-44e6c7599573 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=380b7ede-b36a-4ecf-b8a4-2831a340b3b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XЪ# ]Ɋ& !XЪ# F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=66ee3fc8-3873-4a8b-a164-83234dc32073 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pЪ# ]Ɋ& !XЪ# F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=66ee3fc8-3873-4a8b-a164-83234dc32073 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hЪ# ]Ɋ& !XЪ# F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=66ee3fc8-3873-4a8b-a164-83234dc32073 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`Ъ# ]Ɋ& !XЪ# F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=66ee3fc8-3873-4a8b-a164-83234dc32073 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`Ъ# ]Ɋ& !XЪ# F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=66ee3fc8-3873-4a8b-a164-83234dc32073 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hЪ# ]Ɋ& !XЪ# F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=66ee3fc8-3873-4a8b-a164-83234dc32073 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Vah**fC# ]Ɋ&  !fC# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=66ee3fc8-3873-4a8b-a164-83234dc32073 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e5c40784-8394-4386-b4cf-3e04a62e2492 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineS**fC# ]Ɋ& !fC# F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=66ee3fc8-3873-4a8b-a164-83234dc32073 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e5c40784-8394-4386-b4cf-3e04a62e2492 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8fC# ]Ɋ& !XfC# F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9e641a09-880f-4c17-9811-9f7711a44457 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=am8**PfC# ]Ɋ& !XfC# F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9e641a09-880f-4c17-9811-9f7711a44457 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PP**PfC# ]Ɋ& !XfC# F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9e641a09-880f-4c17-9811-9f7711a44457 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSyP**HfC# ]Ɋ& !XfC# F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9e641a09-880f-4c17-9811-9f7711a44457 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**HfC# ]Ɋ& !XfC# F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9e641a09-880f-4c17-9811-9f7711a44457 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HfC# ]Ɋ& !XfC# F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9e641a09-880f-4c17-9811-9f7711a44457 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**fC# ]Ɋ& !fC# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9e641a09-880f-4c17-9811-9f7711a44457 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9502bd2e-9c71-425c-b128-e145b0b0377d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**fC# ]Ɋ& !fC# F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9e641a09-880f-4c17-9811-9f7711a44457 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9502bd2e-9c71-425c-b128-e145b0b0377d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X۩# ]Ɋ& !X۩# F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=632f751b-3ace-4c8d-92e1-1914e5aa661c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p۩# ]Ɋ& !X۩# F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=632f751b-3ace-4c8d-92e1-1914e5aa661c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**h۩# ]Ɋ& !X۩# F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=632f751b-3ace-4c8d-92e1-1914e5aa661c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`۩# ]Ɋ& !X۩# F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=632f751b-3ace-4c8d-92e1-1914e5aa661c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ps`**`۩# ]Ɋ& !X۩# F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=632f751b-3ace-4c8d-92e1-1914e5aa661c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`۩# ]Ɋ& !X۩# F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=632f751b-3ace-4c8d-92e1-1914e5aa661c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q`**۩# ]Ɋ& !۩# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=632f751b-3ace-4c8d-92e1-1914e5aa661c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=79cfaebb-609c-44cb-875c-cbd9e534faee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**۩# ]Ɋ& !۩# F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=632f751b-3ace-4c8d-92e1-1914e5aa661c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=79cfaebb-609c-44cb-875c-cbd9e534faee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(t# ]Ɋ& !Xt# F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4cac96a9-8be2-4637-a651-f2651a717b1d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@t# ]Ɋ& !Xt# F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4cac96a9-8be2-4637-a651-f2651a717b1d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S@**@t# ]Ɋ& !Xt# F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4cac96a9-8be2-4637-a651-f2651a717b1d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=etC@**8t# ]Ɋ& !Xt# F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4cac96a9-8be2-4637-a651-f2651a717b1d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNa8**8t# ]Ɋ& !Xt# F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4cac96a9-8be2-4637-a651-f2651a717b1d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8t# ]Ɋ& !Xt# F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4cac96a9-8be2-4637-a651-f2651a717b1d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**t# ]Ɋ& !t# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4cac96a9-8be2-4637-a651-f2651a717b1d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=34e81e50-0148-4ddb-9233-81c820e83c34 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=*** # ]Ɋ& !* # F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4cac96a9-8be2-4637-a651-f2651a717b1d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=34e81e50-0148-4ddb-9233-81c820e83c34 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== riptName=  ]Ɋ& XW># F&Xǵ F&]Ɋ& meXjU-% F&e=ElfChnkHMu=VysMc&&**` W># ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ?!XW># F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3005a297-4d17-4a7b-8e39-4fca19bfd0b7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne` **pW># ]Ɋ& !XW># F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3005a297-4d17-4a7b-8e39-4fca19bfd0b7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**pW># ]Ɋ& !XW># F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3005a297-4d17-4a7b-8e39-4fca19bfd0b7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pelp**hW># ]Ɋ& !XW># F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3005a297-4d17-4a7b-8e39-4fca19bfd0b7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**hW># ]Ɋ& !XW># F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3005a297-4d17-4a7b-8e39-4fca19bfd0b7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hW># ]Ɋ& !XW># F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3005a297-4d17-4a7b-8e39-4fca19bfd0b7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**W># ]Ɋ&  !W># F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3005a297-4d17-4a7b-8e39-4fca19bfd0b7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be553011-b582-4447-aa05-6b54bf9611b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**֬# ]Ɋ& !֬# F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3005a297-4d17-4a7b-8e39-4fca19bfd0b7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be553011-b582-4447-aa05-6b54bf9611b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**֬# ]Ɋ& '!X֬# F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ecd23c24-fcf8-40b9-986b-99df10223d7e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**֬# ]Ɋ& ?!X֬# F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ecd23c24-fcf8-40b9-986b-99df10223d7e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**֬# ]Ɋ& ;!X֬# F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ecd23c24-fcf8-40b9-986b-99df10223d7e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9-a**֬# ]Ɋ& 3!X֬# F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ecd23c24-fcf8-40b9-986b-99df10223d7e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**֬# ]Ɋ& 3!X֬# F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ecd23c24-fcf8-40b9-986b-99df10223d7e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a9a**֬# ]Ɋ& 5!X֬# F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ecd23c24-fcf8-40b9-986b-99df10223d7e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**0o# ]Ɋ& !o# F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ecd23c24-fcf8-40b9-986b-99df10223d7e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=94812466-bba8-4729-9f2c-a2c01ce976b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ir0**@# ]Ɋ& !# F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ecd23c24-fcf8-40b9-986b-99df10223d7e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=94812466-bba8-4729-9f2c-a2c01ce976b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**! ]Ɋ& )!X! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dfc30b08-8e06-49ae-830b-ec8317c993f5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**! ]Ɋ& A!X! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dfc30b08-8e06-49ae-830b-ec8317c993f5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **! ]Ɋ& =!X! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dfc30b08-8e06-49ae-830b-ec8317c993f5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uc**! ]Ɋ& 5!X! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dfc30b08-8e06-49ae-830b-ec8317c993f5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cu**! ]Ɋ& 5!X! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dfc30b08-8e06-49ae-830b-ec8317c993f5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **! ]Ɋ& 7!X! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dfc30b08-8e06-49ae-830b-ec8317c993f5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0h]! ]Ɋ& !h]! F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dfc30b08-8e06-49ae-830b-ec8317c993f5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=792f757e-f1b1-4aa4-baf4-8cccf9201eca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r0**@! ]Ɋ& !! F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dfc30b08-8e06-49ae-830b-ec8317c993f5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=792f757e-f1b1-4aa4-baf4-8cccf9201eca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi@**X! ]Ɋ& !X! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=95cfb98d-eba2-4b0f-b9ce-80981dd1e1ce HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fX**p! ]Ɋ& !X! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=95cfb98d-eba2-4b0f-b9ce-80981dd1e1ce HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Enp**h! ]Ɋ& !X! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=95cfb98d-eba2-4b0f-b9ce-80981dd1e1ce HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`! ]Ɋ& !X! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=95cfb98d-eba2-4b0f-b9ce-80981dd1e1ce HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v`**` ! ]Ɋ& !X!  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=95cfb98d-eba2-4b0f-b9ce-80981dd1e1ce HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g`**h ! ]Ɋ& !X!  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=95cfb98d-eba2-4b0f-b9ce-80981dd1e1ce HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovih** ! ]Ɋ&  !!  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=95cfb98d-eba2-4b0f-b9ce-80981dd1e1ce HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=67ea6f7d-7e37-4c9c-b2fd-40e1184edc18 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con** ! ]Ɋ& !!  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=95cfb98d-eba2-4b0f-b9ce-80981dd1e1ce HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=67ea6f7d-7e37-4c9c-b2fd-40e1184edc18 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os**8 ! ]Ɋ& !X!  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6c556d3f-edd8-4035-a008-ba49c9828100 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eN8**P! ]Ɋ& !X! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6c556d3f-edd8-4035-a008-ba49c9828100 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtP**P! ]Ɋ& !X! F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6c556d3f-edd8-4035-a008-ba49c9828100 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=roviP**H! ]Ɋ& !X! F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6c556d3f-edd8-4035-a008-ba49c9828100 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ctioH**H! ]Ɋ& !X! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6c556d3f-edd8-4035-a008-ba49c9828100 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iderH**H! ]Ɋ& !X! F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6c556d3f-edd8-4035-a008-ba49c9828100 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artH**! ]Ɋ& !! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6c556d3f-edd8-4035-a008-ba49c9828100 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8f880d0d-df22-4f15-ac3c-0f5c2eb12c69 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **! ]Ɋ& !! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6c556d3f-edd8-4035-a008-ba49c9828100 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8f880d0d-df22-4f15-ac3c-0f5c2eb12c69 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**X! ]Ɋ& !X! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1fb1aceb-4381-43ea-8c41-dff178eef605 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p! ]Ɋ& !X! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1fb1aceb-4381-43ea-8c41-dff178eef605 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommap**h! ]Ɋ& !X! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1fb1aceb-4381-43ea-8c41-dff178eef605 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**`! ]Ɋ& !X! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1fb1aceb-4381-43ea-8c41-dff178eef605 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m.`**`! ]Ɋ& !X! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1fb1aceb-4381-43ea-8c41-dff178eef605 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`! ]Ɋ& !X! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1fb1aceb-4381-43ea-8c41-dff178eef605 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**! ]Ɋ& !! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1fb1aceb-4381-43ea-8c41-dff178eef605 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d65cbf2-e1c2-4885-a691-074bf4350ccf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**! ]Ɋ& !! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1fb1aceb-4381-43ea-8c41-dff178eef605 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d65cbf2-e1c2-4885-a691-074bf4350ccf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(+'! ]Ɋ& !X+'! F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e7e5721a-8ef5-424b-a7b7-faf8472d3f82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@+'! ]Ɋ& !X+'! F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e7e5721a-8ef5-424b-a7b7-faf8472d3f82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @riptName=  ]Ɋ& X+'! F&Xǵ F&]Ɋ& meXjU-% F&e=ElfChnkOOPFgMu=VysMc&&**@ +'! ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!X+'! F&F%g>9{p(xlMD EventDatauoData !BinarypFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e7e5721a-8ef5-424b-a7b7-faf8472d3f82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@ **8 +'! ]Ɋ& !X+'!  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e7e5721a-8ef5-424b-a7b7-faf8472d3f82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=llD8**8!+'! ]Ɋ& !X+'!! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e7e5721a-8ef5-424b-a7b7-faf8472d3f82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8"+'! ]Ɋ& !X+'!" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e7e5721a-8ef5-424b-a7b7-faf8472d3f82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**#+'! ]Ɋ& !+'!# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e7e5721a-8ef5-424b-a7b7-faf8472d3f82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=25b86a26-6d7f-4408-9ef1-691e77f71fec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Re**$¿! ]Ɋ& !¿!$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e7e5721a-8ef5-424b-a7b7-faf8472d3f82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=25b86a26-6d7f-4408-9ef1-691e77f71fec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**X%XX! ]Ɋ& !XXX!% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=163fdb8f-6003-4e1e-9af1-3f7f920b4deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nX**p&XX! ]Ɋ& !XXX!& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=163fdb8f-6003-4e1e-9af1-3f7f920b4deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p'XX! ]Ɋ& !XXX!' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=163fdb8f-6003-4e1e-9af1-3f7f920b4deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pp**h(XX! ]Ɋ& !XXX!( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=163fdb8f-6003-4e1e-9af1-3f7f920b4deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ch**h)XX! ]Ɋ& !XXX!) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=163fdb8f-6003-4e1e-9af1-3f7f920b4deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h*XX! ]Ɋ& !XXX!* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=163fdb8f-6003-4e1e-9af1-3f7f920b4deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**+XX! ]Ɋ&  !XX!+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=163fdb8f-6003-4e1e-9af1-3f7f920b4deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d55e1813-7294-49b5-92df-86b77d63b593 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**,! ]Ɋ& !!, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=163fdb8f-6003-4e1e-9af1-3f7f920b4deb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d55e1813-7294-49b5-92df-86b77d63b593 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ix -**-! ]Ɋ& '!X!- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b12f9803-0902-487f-9b4b-19a534f32b58 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**.! ]Ɋ& ?!X!. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b12f9803-0902-487f-9b4b-19a534f32b58 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**/! ]Ɋ& ;!X!/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b12f9803-0902-487f-9b4b-19a534f32b58 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-49**0! ]Ɋ& 3!X!0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b12f9803-0902-487f-9b4b-19a534f32b58 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****1! ]Ɋ& 3!X!1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b12f9803-0902-487f-9b4b-19a534f32b58 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9ae**2! ]Ɋ& 5!X!2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b12f9803-0902-487f-9b4b-19a534f32b58 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**03! ]Ɋ& !!3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b12f9803-0902-487f-9b4b-19a534f32b58 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=18ca117b-4685-44f7-b5fa-1205f1fd1916 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne0**@4"! ]Ɋ& !"!4 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b12f9803-0902-487f-9b4b-19a534f32b58 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=18ca117b-4685-44f7-b5fa-1205f1fd1916 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**5D^~ ]Ɋ& )!XD^~5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=73bd532b-baea-4533-9cbd-5720357ed8ed HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**6D^~ ]Ɋ& A!XD^~6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=73bd532b-baea-4533-9cbd-5720357ed8ed HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId**7D^~ ]Ɋ& =!XD^~7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=73bd532b-baea-4533-9cbd-5720357ed8ed HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**8D^~ ]Ɋ& 5!XD^~8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=73bd532b-baea-4533-9cbd-5720357ed8ed HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/**9D^~ ]Ɋ& 5!XD^~9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=73bd532b-baea-4533-9cbd-5720357ed8ed HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e1**:D^~ ]Ɋ& 7!XD^~: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=73bd532b-baea-4533-9cbd-5720357ed8ed HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**0;D^~ ]Ɋ& !D^~; F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=73bd532b-baea-4533-9cbd-5720357ed8ed HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ffe94ac3-f711-43e6-ac7e-37fb38d6a97e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@<p_~ ]Ɋ& !p_~< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=73bd532b-baea-4533-9cbd-5720357ed8ed HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ffe94ac3-f711-43e6-ac7e-37fb38d6a97e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=New@**X=q `~ ]Ɋ& !Xq `~= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0be0abd3-dc0c-4f46-94c6-9076edd734f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p>q `~ ]Ɋ& !Xq `~> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0be0abd3-dc0c-4f46-94c6-9076edd734f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h?q `~ ]Ɋ& !Xq `~? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0be0abd3-dc0c-4f46-94c6-9076edd734f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mh**`@q `~ ]Ɋ& !Xq `~@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0be0abd3-dc0c-4f46-94c6-9076edd734f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`Aq `~ ]Ɋ& !Xq `~A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0be0abd3-dc0c-4f46-94c6-9076edd734f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**hBq `~ ]Ɋ& !Xq `~B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0be0abd3-dc0c-4f46-94c6-9076edd734f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPh**Cq `~ ]Ɋ&  !q `~C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0be0abd3-dc0c-4f46-94c6-9076edd734f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1c0385a2-e9c4-46e6-849b-b8d6226b5968 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**Dq `~ ]Ɋ& !q `~D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0be0abd3-dc0c-4f46-94c6-9076edd734f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1c0385a2-e9c4-46e6-849b-b8d6226b5968 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8Eq `~ ]Ɋ& !Xq `~E F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=07d8ec77-ec1c-4b60-ad00-cb5fa7a65036 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ue8**PFq `~ ]Ɋ& !Xq `~F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=07d8ec77-ec1c-4b60-ad00-cb5fa7a65036 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==SP**PGq `~ ]Ɋ& !Xq `~G F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=07d8ec77-ec1c-4b60-ad00-cb5fa7a65036 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPP**HHq `~ ]Ɋ& !Xq `~H F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=07d8ec77-ec1c-4b60-ad00-cb5fa7a65036 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==FunH**HIq `~ ]Ɋ& !Xq `~I F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=07d8ec77-ec1c-4b60-ad00-cb5fa7a65036 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProvH**HJq `~ ]Ɋ& !Xq `~J F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07d8ec77-ec1c-4b60-ad00-cb5fa7a65036 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eSH**Kq `~ ]Ɋ& !q `~K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=07d8ec77-ec1c-4b60-ad00-cb5fa7a65036 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=627e13fd-2ed5-46c3-a7c9-785ac9d06bed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**Lq `~ ]Ɋ& !q `~L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=07d8ec77-ec1c-4b60-ad00-cb5fa7a65036 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=627e13fd-2ed5-46c3-a7c9-785ac9d06bed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**XM`~ ]Ɋ& !X`~M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5c813360-96c2-471b-b428-6e5debea3e3d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!X**pN`~ ]Ɋ& !X`~N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5c813360-96c2-471b-b428-6e5debea3e3d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**hO`~ ]Ɋ& !X`~O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5c813360-96c2-471b-b428-6e5debea3e3d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 h EngineVersi ]Ɋ&  X`~P F&CommandPath= CommandLine= @riptName=  ]Ɋ& X+'! F&Xǵ F&]Ɋ& meXjU-% F&e=ElfChnkPPX[wٶrMu=VysMc&&**hP`~ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!X`~P F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5c813360-96c2-471b-b428-6e5debea3e3d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sioh**`Q`~ ]Ɋ& !X`~Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5c813360-96c2-471b-b428-6e5debea3e3d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cu`**`R`~ ]Ɋ& !X`~R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5c813360-96c2-471b-b428-6e5debea3e3d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@`**S`~ ]Ɋ& !`~S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5c813360-96c2-471b-b428-6e5debea3e3d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8f236c6-bbff-43b1-adaa-39baa6085378 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **T`~ ]Ɋ& !`~T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5c813360-96c2-471b-b428-6e5debea3e3d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8f236c6-bbff-43b1-adaa-39baa6085378 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**(U`~ ]Ɋ& !X`~U F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=90cdb447-4a12-478d-a7c5-5f0d173631f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@V`~ ]Ɋ& !X`~V F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=90cdb447-4a12-478d-a7c5-5f0d173631f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m@**@W`~ ]Ɋ& !X`~W F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=90cdb447-4a12-478d-a7c5-5f0d173631f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C@**8X`~ ]Ɋ& !X`~X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=90cdb447-4a12-478d-a7c5-5f0d173631f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8Y`~ ]Ɋ& !X`~Y F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=90cdb447-4a12-478d-a7c5-5f0d173631f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8Z`~ ]Ɋ& !X`~Z F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=90cdb447-4a12-478d-a7c5-5f0d173631f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE8**[`~ ]Ɋ& !`~[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=90cdb447-4a12-478d-a7c5-5f0d173631f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=aa645929-3d58-4cc5-bb9e-12d5f4b65dff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**\:a~ ]Ɋ& !:a~\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=90cdb447-4a12-478d-a7c5-5f0d173631f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=aa645929-3d58-4cc5-bb9e-12d5f4b65dff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**X]bc~ ]Ɋ& !Xbc~] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=44c33be4-d93e-4f3f-9d41-7966aec75eb0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p^bc~ ]Ɋ& !Xbc~^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=44c33be4-d93e-4f3f-9d41-7966aec75eb0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**p_bc~ ]Ɋ& !Xbc~_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=44c33be4-d93e-4f3f-9d41-7966aec75eb0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h`bc~ ]Ɋ& !Xbc~` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=44c33be4-d93e-4f3f-9d41-7966aec75eb0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sth**habc~ ]Ɋ& !Xbc~a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=44c33be4-d93e-4f3f-9d41-7966aec75eb0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Seqh**hbbc~ ]Ɋ& !Xbc~b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=44c33be4-d93e-4f3f-9d41-7966aec75eb0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b1h**cbc~ ]Ɋ&  !bc~c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=44c33be4-d93e-4f3f-9d41-7966aec75eb0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3883874e-2dc5-4d98-959f-dc46335dd0fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **dc~ ]Ɋ& !c~d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=44c33be4-d93e-4f3f-9d41-7966aec75eb0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3883874e-2dc5-4d98-959f-dc46335dd0fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=base**ec~ ]Ɋ& '!Xc~e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=624e4f46-636d-4d28-aad1-675f4a3c3287 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**fc~ ]Ɋ& ?!Xc~f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=624e4f46-636d-4d28-aad1-675f4a3c3287 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B**gc~ ]Ɋ& ;!Xc~g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=624e4f46-636d-4d28-aad1-675f4a3c3287 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eVe**hc~ ]Ɋ& 3!Xc~h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=624e4f46-636d-4d28-aad1-675f4a3c3287 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=F**ic~ ]Ɋ& 3!Xc~i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=624e4f46-636d-4d28-aad1-675f4a3c3287 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ers**jc~ ]Ɋ& 5!Xc~j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=624e4f46-636d-4d28-aad1-675f4a3c3287 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**0kc~ ]Ɋ& !c~k F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=624e4f46-636d-4d28-aad1-675f4a3c3287 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ef181039-920a-44ec-9380-25032b519614 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6a0**@l5d~ ]Ɋ& !5d~l F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=624e4f46-636d-4d28-aad1-675f4a3c3287 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ef181039-920a-44ec-9380-25032b519614 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed @**m A ]Ɋ& )!X Am F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=65b11f97-575b-4e4e-854f-0560ae9804aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**n A ]Ɋ& A!X An F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=65b11f97-575b-4e4e-854f-0560ae9804aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**o A ]Ɋ& =!X Ao F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=65b11f97-575b-4e4e-854f-0560ae9804aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **p A ]Ɋ& 5!X Ap F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=65b11f97-575b-4e4e-854f-0560ae9804aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**q A ]Ɋ& 5!X Aq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=65b11f97-575b-4e4e-854f-0560ae9804aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**r A ]Ɋ& 7!X Ar F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=65b11f97-575b-4e4e-854f-0560ae9804aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**0s A ]Ɋ& ! As F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=65b11f97-575b-4e4e-854f-0560ae9804aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=71512d70-6cd1-48f5-9e9f-fb7890a74ac1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@tA ]Ɋ& !At F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=65b11f97-575b-4e4e-854f-0560ae9804aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=71512d70-6cd1-48f5-9e9f-fb7890a74ac1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0b@**XuF^Mu=VysMc&&**HF9{p(xlMD EventDatauoData !BinaryvRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7b7e653f-7217-4199-9d2b-e5bc372d74ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mH**HF9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d3e64634-134c-43e9-bb4d-2b74375024c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**X ]Ɋ&  !X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d3e64634-134c-43e9-bb4d-2b74375024c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c44135a8-cdf1-4734-92dc-da091585e14a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F**X ]Ɋ& !X F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d3e64634-134c-43e9-bb4d-2b74375024c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c44135a8-cdf1-4734-92dc-da091585e14a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8X ]Ɋ& !XX F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=acb75fa8-ee1d-46a2-a13c-1ca4cc0579c6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PX ]Ɋ& !XX F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=acb75fa8-ee1d-46a2-a13c-1ca4cc0579c6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PX ]Ɋ& !XX F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=acb75fa8-ee1d-46a2-a13c-1ca4cc0579c6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&P**HX ]Ɋ& !XX F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=acb75fa8-ee1d-46a2-a13c-1ca4cc0579c6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**HX ]Ɋ& !XX F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=acb75fa8-ee1d-46a2-a13c-1ca4cc0579c6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLinH**HX ]Ɋ& !XX F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=acb75fa8-ee1d-46a2-a13c-1ca4cc0579c6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= H**X ]Ɋ& !X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=acb75fa8-ee1d-46a2-a13c-1ca4cc0579c6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bcd195aa-152c-4077-84d6-081f63c23f1f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**﫩 ]Ɋ& !﫩 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=acb75fa8-ee1d-46a2-a13c-1ca4cc0579c6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bcd195aa-152c-4077-84d6-081f63c23f1f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**X﫩 ]Ɋ& !X﫩 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f8428fdb-6fe0-4dc9-84cb-fc88726d5d2c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TypeX**p﫩 ]Ɋ& !X﫩 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f8428fdb-6fe0-4dc9-84cb-fc88726d5d2c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| sep**h﫩 ]Ɋ& !X﫩 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f8428fdb-6fe0-4dc9-84cb-fc88726d5d2c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`﫩 ]Ɋ& !X﫩 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f8428fdb-6fe0-4dc9-84cb-fc88726d5d2c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l `**`﫩 ]Ɋ& !X﫩 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f8428fdb-6fe0-4dc9-84cb-fc88726d5d2c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na`**`﫩 ]Ɋ& !X﫩 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f8428fdb-6fe0-4dc9-84cb-fc88726d5d2c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**﫩 ]Ɋ& !﫩 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f8428fdb-6fe0-4dc9-84cb-fc88726d5d2c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea407499-b337-4dd6-b96b-5e8b29987623 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**﫩 ]Ɋ& !﫩 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f8428fdb-6fe0-4dc9-84cb-fc88726d5d2c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea407499-b337-4dd6-b96b-5e8b29987623 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptN**(﫩 ]Ɋ& !X﫩 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6520106d-3515-4f16-8b73-114e78667e32 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p(**@﫩 ]Ɋ& !X﫩 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6520106d-3515-4f16-8b73-114e78667e32 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**@﫩 ]Ɋ& !X﫩 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6520106d-3515-4f16-8b73-114e78667e32 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e($@**8﫩 ]Ɋ& !X﫩 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6520106d-3515-4f16-8b73-114e78667e32 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8﫩 ]Ɋ& !X﫩 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6520106d-3515-4f16-8b73-114e78667e32 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stI8**8﫩 ]Ɋ& !X﫩 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6520106d-3515-4f16-8b73-114e78667e32 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**﫩 ]Ɋ& !﫩 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6520106d-3515-4f16-8b73-114e78667e32 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3abb4c56-dd91-430c-82d2-0ee27b27dd94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=an**D ]Ɋ& !D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6520106d-3515-4f16-8b73-114e78667e32 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3abb4c56-dd91-430c-82d2-0ee27b27dd94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**Xu ]Ɋ& !Xu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5020138d-f61e-4cd4-817a-2b2f0a44ecd1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**pu ]Ɋ& !Xu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5020138d-f61e-4cd4-817a-2b2f0a44ecd1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pu ]Ɋ& !Xu F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5020138d-f61e-4cd4-817a-2b2f0a44ecd1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nfop**hu ]Ɋ& !Xu F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5020138d-f61e-4cd4-817a-2b2f0a44ecd1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insh**hu ]Ɋ& !Xu F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5020138d-f61e-4cd4-817a-2b2f0a44ecd1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIdh**hu ]Ɋ& !Xu F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5020138d-f61e-4cd4-817a-2b2f0a44ecd1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omh**u ]Ɋ&  !u F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5020138d-f61e-4cd4-817a-2b2f0a44ecd1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2dd08ca0-06d1-4ba8-a4ab-d444042d9fc5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**I ]Ɋ& !I F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5020138d-f61e-4cd4-817a-2b2f0a44ecd1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2dd08ca0-06d1-4ba8-a4ab-d444042d9fc5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oleH**I ]Ɋ& '!XI F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8e2f5f7b-f027-4f48-88d0-1227ecfea7a8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**I ]Ɋ& ?!XI F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8e2f5f7b-f027-4f48-88d0-1227ecfea7a8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**I ]Ɋ& ;!XI F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8e2f5f7b-f027-4f48-88d0-1227ecfea7a8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**I ]Ɋ& 3!XI F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8e2f5f7b-f027-4f48-88d0-1227ecfea7a8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **I ]Ɋ& 3!XI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8e2f5f7b-f027-4f48-88d0-1227ecfea7a8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame**I ]Ɋ& 5!XI F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8e2f5f7b-f027-4f48-88d0-1227ecfea7a8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rs**0I ]Ɋ& !I F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8e2f5f7b-f027-4f48-88d0-1227ecfea7a8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ba8ef576-180b-442b-b96c-df348166a1d8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er0**@v? ]Ɋ& !v? F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8e2f5f7b-f027-4f48-88d0-1227ecfea7a8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ba8ef576-180b-442b-b96c-df348166a1d8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f45d@**md ]Ɋ& )!Xmd F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dcd84e5c-0bac-4774-a58d-89c66490dc2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=prod**md ]Ɋ& A!Xmd F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dcd84e5c-0bac-4774-a58d-89c66490dc2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se**md ]Ɋ& =!Xmd F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dcd84e5c-0bac-4774-a58d-89c66490dc2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=24**md ]Ɋ& 5!Xmd F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dcd84e5c-0bac-4774-a58d-89c66490dc2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**md ]Ɋ& 5!Xmd F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dcd84e5c-0bac-4774-a58d-89c66490dc2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**md ]Ɋ& 7!Xmd F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dcd84e5c-0bac-4774-a58d-89c66490dc2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkM;&qMu=VysMc&&**8md ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !md F&F%g>9{p(xlMD EventDatauoData !BinarydAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dcd84e5c-0bac-4774-a58d-89c66490dc2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=040ea8fa-4892-4bc9-be6e-5f914f410700 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP8**@ ]Ɋ& ! F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dcd84e5c-0bac-4774-a58d-89c66490dc2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=040ea8fa-4892-4bc9-be6e-5f914f410700 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI@**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ac3e5525-ed62-425c-8038-22501b0dc273 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ac3e5525-ed62-425c-8038-22501b0dc273 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ac3e5525-ed62-425c-8038-22501b0dc273 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ih**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ac3e5525-ed62-425c-8038-22501b0dc273 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ac3e5525-ed62-425c-8038-22501b0dc273 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ac3e5525-ed62-425c-8038-22501b0dc273 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Commh** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ac3e5525-ed62-425c-8038-22501b0dc273 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3e7f8403-3337-4a04-919b-db614100c9a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ac3e5525-ed62-425c-8038-22501b0dc273 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3e7f8403-3337-4a04-919b-db614100c9a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8 ]Ɋ& !X F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ada21304-75c5-49cf-857b-eb3d9084c9e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me8**P ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ada21304-75c5-49cf-857b-eb3d9084c9e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amP**P ]Ɋ& !X F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ada21304-75c5-49cf-857b-eb3d9084c9e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=andTP**H ]Ɋ& !X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ada21304-75c5-49cf-857b-eb3d9084c9e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaH**H ]Ɋ& !X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ada21304-75c5-49cf-857b-eb3d9084c9e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=elinH**H ]Ɋ& !X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ada21304-75c5-49cf-857b-eb3d9084c9e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIH** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ada21304-75c5-49cf-857b-eb3d9084c9e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3fbbe63b-d0d0-4e26-a069-259845379579 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndN** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ada21304-75c5-49cf-857b-eb3d9084c9e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3fbbe63b-d0d0-4e26-a069-259845379579 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6dfaa0c2-9e97-4af9-ac5f-d0849d5a729d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==ea4X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6dfaa0c2-9e97-4af9-ac5f-d0849d5a729d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6dfaa0c2-9e97-4af9-ac5f-d0849d5a729d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=seh**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6dfaa0c2-9e97-4af9-ac5f-d0849d5a729d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6dfaa0c2-9e97-4af9-ac5f-d0849d5a729d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov`**` ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6dfaa0c2-9e97-4af9-ac5f-d0849d5a729d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6dfaa0c2-9e97-4af9-ac5f-d0849d5a729d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7ea64672-212a-4c2f-bb76-97e063f0cd69 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**1. ]Ɋ& !1. F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6dfaa0c2-9e97-4af9-ac5f-d0849d5a729d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7ea64672-212a-4c2f-bb76-97e063f0cd69 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ine**(1. ]Ɋ& !X1. F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7d69f962-e7a7-4ab6-8881-370bac36703b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@1. ]Ɋ& !X1. F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7d69f962-e7a7-4ab6-8881-370bac36703b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o@**@1. ]Ɋ& !X1. F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7d69f962-e7a7-4ab6-8881-370bac36703b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=spl@**81. ]Ɋ& !X1. F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7d69f962-e7a7-4ab6-8881-370bac36703b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tur8**81. ]Ɋ& !X1. F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7d69f962-e7a7-4ab6-8881-370bac36703b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta8**81. ]Ɋ& !X1. F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7d69f962-e7a7-4ab6-8881-370bac36703b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**1. ]Ɋ& !1. F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7d69f962-e7a7-4ab6-8881-370bac36703b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b321f88f-4cf8-43c2-8564-c8bc9ac803e3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru**ƨ ]Ɋ& !ƨ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7d69f962-e7a7-4ab6-8881-370bac36703b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b321f88f-4cf8-43c2-8564-c8bc9ac803e3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion.**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=39009cc0-3416-4989-9410-43c41b6c5f01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=39009cc0-3416-4989-9410-43c41b6c5f01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=zp**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=39009cc0-3416-4989-9410-43c41b6c5f01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tiep**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=39009cc0-3416-4989-9410-43c41b6c5f01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInh**h  ]Ɋ& !X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=39009cc0-3416-4989-9410-43c41b6c5f01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sorh**h  ]Ɋ& !X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=39009cc0-3416-4989-9410-43c41b6c5f01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**  ]Ɋ&  !  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=39009cc0-3416-4989-9410-43c41b6c5f01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2ee7724e-39d2-4e73-86fc-60ed04ef2ac3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**  ]Ɋ& !  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=39009cc0-3416-4989-9410-43c41b6c5f01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2ee7724e-39d2-4e73-86fc-60ed04ef2ac3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Var** !) ]Ɋ& '!X!)  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d72c3bef-ad9d-4c79-8cee-ff37110ad649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**!) ]Ɋ& ?!X!) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d72c3bef-ad9d-4c79-8cee-ff37110ad649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!) ]Ɋ& ;!X!) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d72c3bef-ad9d-4c79-8cee-ff37110ad649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!) ]Ɋ& 3!X!) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d72c3bef-ad9d-4c79-8cee-ff37110ad649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wer**!) ]Ɋ& 3!X!) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d72c3bef-ad9d-4c79-8cee-ff37110ad649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!) ]Ɋ& 5!X!) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d72c3bef-ad9d-4c79-8cee-ff37110ad649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-tFirewallPro ]Ɋ& 35!) F&d= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**md ]Ɋ& 7!Xmd F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dcd84e5c-0bac-4774-a58d-89c66490dc2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkDDH-Mu=VysMc&&**8 !) ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !!) F&F%g>9{p(xlMD EventDatauoData !BinarybAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d72c3bef-ad9d-4c79-8cee-ff37110ad649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=90fc3b4a-49d9-419a-9bde-3b28f69cdcab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c-08 **@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d72c3bef-ad9d-4c79-8cee-ff37110ad649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=90fc3b4a-49d9-419a-9bde-3b28f69cdcab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Scri@**G1j ]Ɋ& )!XG1j F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=da4ec8e1-3c7a-4db1-8ef6-58ed047fabaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**G1j ]Ɋ& A!XG1j F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=da4ec8e1-3c7a-4db1-8ef6-58ed047fabaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uct **G1j ]Ɋ& =!XG1j F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=da4ec8e1-3c7a-4db1-8ef6-58ed047fabaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **G1j ]Ɋ& 5!XG1j F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=da4ec8e1-3c7a-4db1-8ef6-58ed047fabaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5c**G1j ]Ɋ& 5!XG1j F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=da4ec8e1-3c7a-4db1-8ef6-58ed047fabaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**G1j ]Ɋ& 7!XG1j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=da4ec8e1-3c7a-4db1-8ef6-58ed047fabaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0j ]Ɋ& !j F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=da4ec8e1-3c7a-4db1-8ef6-58ed047fabaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=44636ed8-d2c2-437f-b45d-87d34b592ef3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@tbk ]Ɋ& !tbk F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=da4ec8e1-3c7a-4db1-8ef6-58ed047fabaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=44636ed8-d2c2-437f-b45d-87d34b592ef3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Lin@**Xtbk ]Ɋ& !Xtbk F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=51cc8960-c7ca-4eab-a3b8-a2309eabe467 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**ptbk ]Ɋ& !Xtbk F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=51cc8960-c7ca-4eab-a3b8-a2309eabe467 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**htbk ]Ɋ& !Xtbk F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=51cc8960-c7ca-4eab-a3b8-a2309eabe467 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` tbk ]Ɋ& !Xtbk  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=51cc8960-c7ca-4eab-a3b8-a2309eabe467 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`!tbk ]Ɋ& !Xtbk! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=51cc8960-c7ca-4eab-a3b8-a2309eabe467 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h"tbk ]Ɋ& !Xtbk" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=51cc8960-c7ca-4eab-a3b8-a2309eabe467 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**#tbk ]Ɋ&  !tbk# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=51cc8960-c7ca-4eab-a3b8-a2309eabe467 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4713a192-7037-4ded-9707-06add850d35d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**$ k ]Ɋ& ! k$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=51cc8960-c7ca-4eab-a3b8-a2309eabe467 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4713a192-7037-4ded-9707-06add850d35d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ar**8% k ]Ɋ& !X k% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=30f35d8e-6a5e-4b53-b4dd-a3df6d1d2880 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P& k ]Ɋ& !X k& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=30f35d8e-6a5e-4b53-b4dd-a3df6d1d2880 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P' k ]Ɋ& !X k' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=30f35d8e-6a5e-4b53-b4dd-a3df6d1d2880 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!P**H( k ]Ɋ& !X k( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=30f35d8e-6a5e-4b53-b4dd-a3df6d1d2880 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H) k ]Ɋ& !X k) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=30f35d8e-6a5e-4b53-b4dd-a3df6d1d2880 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H* k ]Ɋ& !X k* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=30f35d8e-6a5e-4b53-b4dd-a3df6d1d2880 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**+ k ]Ɋ& ! k+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=30f35d8e-6a5e-4b53-b4dd-a3df6d1d2880 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d40f8bb5-6aeb-4622-a952-d56761b244be PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**, k ]Ɋ& ! k, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=30f35d8e-6a5e-4b53-b4dd-a3df6d1d2880 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d40f8bb5-6aeb-4622-a952-d56761b244be PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**X- k ]Ɋ& !X k- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1e15eed5-0aec-458c-b294-fe9c4c53c516 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p. k ]Ɋ& !X k. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1e15eed5-0aec-458c-b294-fe9c4c53c516 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureIp**h/ k ]Ɋ& !X k/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1e15eed5-0aec-458c-b294-fe9c4c53c516 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`0 k ]Ɋ& !X k0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1e15eed5-0aec-458c-b294-fe9c4c53c516 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f9`**`1 k ]Ɋ& !X k1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1e15eed5-0aec-458c-b294-fe9c4c53c516 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr`**`2 k ]Ɋ& !X k2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1e15eed5-0aec-458c-b294-fe9c4c53c516 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**3 k ]Ɋ& ! k3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1e15eed5-0aec-458c-b294-fe9c4c53c516 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=84a4a065-c4c3-4b31-a700-341d94a42735 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**4l ]Ɋ& !l4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1e15eed5-0aec-458c-b294-fe9c4c53c516 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=84a4a065-c4c3-4b31-a700-341d94a42735 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= R**(5l ]Ɋ& !Xl5 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6c5f8fca-52a3-4cba-86d0-0e20ffc259a1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l(**@6l ]Ɋ& !Xl6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6c5f8fca-52a3-4cba-86d0-0e20ffc259a1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p@**@7l ]Ɋ& !Xl7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6c5f8fca-52a3-4cba-86d0-0e20ffc259a1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=KLM@**88l ]Ɋ& !Xl8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6c5f8fca-52a3-4cba-86d0-0e20ffc259a1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc8**89l ]Ɋ& !Xl9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6c5f8fca-52a3-4cba-86d0-0e20ffc259a1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8:l ]Ɋ& !Xl: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6c5f8fca-52a3-4cba-86d0-0e20ffc259a1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=558**;l ]Ɋ& !l; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6c5f8fca-52a3-4cba-86d0-0e20ffc259a1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ec28260e-400b-4c57-833d-9bd27133a000 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']**<7,m ]Ɋ& !7,m< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6c5f8fca-52a3-4cba-86d0-0e20ffc259a1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ec28260e-400b-4c57-833d-9bd27133a000 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNam**X=o ]Ɋ& !Xo= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=20d45f13-2cd6-4da4-8e79-aba0242c11bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=DX**p>o ]Ɋ& !Xo> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=20d45f13-2cd6-4da4-8e79-aba0242c11bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p?o ]Ɋ& !Xo? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=20d45f13-2cd6-4da4-8e79-aba0242c11bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n,Hp**h@o ]Ɋ& !Xo@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=20d45f13-2cd6-4da4-8e79-aba0242c11bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_.ph**hAo ]Ɋ& !XoA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=20d45f13-2cd6-4da4-8e79-aba0242c11bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culh**hBo ]Ɋ& !XoB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=20d45f13-2cd6-4da4-8e79-aba0242c11bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sh**Co ]Ɋ&  !oC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=20d45f13-2cd6-4da4-8e79-aba0242c11bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=385ee39e-ee16-4db0-906d-367f2f1d6f2e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**D('p ]Ɋ& !('pD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=20d45f13-2cd6-4da4-8e79-aba0242c11bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=385ee39e-ee16-4db0-906d-367f2f1d6f2e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=35!) ]Ɋ&  CX('pE F&ommandPath= CommandLine=wP**md ]Ɋ& 7!Xmd F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dcd84e5c-0bac-4774-a58d-89c66490dc2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkEwEw(Q\sBMu=VysMc&&** E('p ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X('pE F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5a0bce81-7716-41c1-aafc-bc0c03b2f8af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **F('p ]Ɋ& ?!X('pF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5a0bce81-7716-41c1-aafc-bc0c03b2f8af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**G('p ]Ɋ& ;!X('pG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5a0bce81-7716-41c1-aafc-bc0c03b2f8af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **H('p ]Ɋ& 3!X('pH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5a0bce81-7716-41c1-aafc-bc0c03b2f8af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**I('p ]Ɋ& 3!X('pI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5a0bce81-7716-41c1-aafc-bc0c03b2f8af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**J('p ]Ɋ& 5!X('pJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5a0bce81-7716-41c1-aafc-bc0c03b2f8af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**0K('p ]Ɋ& !('pK F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5a0bce81-7716-41c1-aafc-bc0c03b2f8af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b4a58c69-5e4e-4734-8f65-deca7fe05b88 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==10**@Lp ]Ɋ& !pL F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5a0bce81-7716-41c1-aafc-bc0c03b2f8af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b4a58c69-5e4e-4734-8f65-deca7fe05b88 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= @**M'9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8990cd4b-b8f7-45c4-848a-bdbbf7b31c77 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **hyrn® ]Ɋ& !Xrn®y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8990cd4b-b8f7-45c4-848a-bdbbf7b31c77 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**hzrn® ]Ɋ& !Xrn®z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8990cd4b-b8f7-45c4-848a-bdbbf7b31c77 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Ch**{rn® ]Ɋ&  !rn®{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8990cd4b-b8f7-45c4-848a-bdbbf7b31c77 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2752d577-cb3d-4447-a0cc-5852f19c82d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**|2o® ]Ɋ& !2o®| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8990cd4b-b8f7-45c4-848a-bdbbf7b31c77 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2752d577-cb3d-4447-a0cc-5852f19c82d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Inst**}2o® ]Ɋ& '!X2o®} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=25f65359-44ed-4a52-9774-5821acc9c72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=,**~2o® ]Ɋ& ?!X2o®~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=25f65359-44ed-4a52-9774-5821acc9c72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**2o® ]Ɋ& ;!X2o® F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=25f65359-44ed-4a52-9774-5821acc9c72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nab**2o® ]Ɋ& 3!X2o® F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=25f65359-44ed-4a52-9774-5821acc9c72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**2o® ]Ɋ& 3!X2o® F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=25f65359-44ed-4a52-9774-5821acc9c72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ble**2o® ]Ɋ& 5!X2o® F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=25f65359-44ed-4a52-9774-5821acc9c72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ab**0o® ]Ɋ& !o® F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=25f65359-44ed-4a52-9774-5821acc9c72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=de7f73df-1c0e-4b16-b976-0a3b0504c350 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns0**@5cp® ]Ɋ& !5cp® F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=25f65359-44ed-4a52-9774-5821acc9c72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=de7f73df-1c0e-4b16-b976-0a3b0504c350 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vide@**O% ]Ɋ& )!XO% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d2a03475-ec31-4e49-b20e-62d25ad1221c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**O% ]Ɋ& A!XO% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d2a03475-ec31-4e49-b20e-62d25ad1221c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**O% ]Ɋ& =!XO% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d2a03475-ec31-4e49-b20e-62d25ad1221c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**O% ]Ɋ& 5!XO% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d2a03475-ec31-4e49-b20e-62d25ad1221c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g **O% ]Ɋ& 5!XO% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d2a03475-ec31-4e49-b20e-62d25ad1221c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na**O% ]Ɋ& 7!XO% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d2a03475-ec31-4e49-b20e-62d25ad1221c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0O% ]Ɋ& !O% F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d2a03475-ec31-4e49-b20e-62d25ad1221c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4351086-6acc-418a-b203-9953bfa1a016 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b0**@|ز% ]Ɋ& !|ز% F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d2a03475-ec31-4e49-b20e-62d25ad1221c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4351086-6acc-418a-b203-9953bfa1a016 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C@**Xq% ]Ɋ& !Xq% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3ab1f0b2-7a07-48eb-bd5a-324960395d6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artX**pq% ]Ɋ& !Xq% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3ab1f0b2-7a07-48eb-bd5a-324960395d6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceNp**hq% ]Ɋ& !Xq% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3ab1f0b2-7a07-48eb-bd5a-324960395d6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`q% ]Ɋ& !Xq% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3ab1f0b2-7a07-48eb-bd5a-324960395d6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**`q% ]Ɋ& !Xq% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3ab1f0b2-7a07-48eb-bd5a-324960395d6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s`**hq% ]Ɋ& !Xq% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3ab1f0b2-7a07-48eb-bd5a-324960395d6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 h**q% ]Ɋ&  !q% F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3ab1f0b2-7a07-48eb-bd5a-324960395d6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a37e87c-e31d-476e-90fa-75f67f950457 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ppli** % ]Ɋ& ! % F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3ab1f0b2-7a07-48eb-bd5a-324960395d6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a37e87c-e31d-476e-90fa-75f67f950457 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**8@% ]Ɋ& !X@% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=56cbd957-2ffa-4755-8c27-32911532066a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c-8**P@% ]Ɋ& !X@% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=56cbd957-2ffa-4755-8c27-32911532066a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9bP**P@% ]Ɋ& !X@% F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=56cbd957-2ffa-4755-8c27-32911532066a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HP**H@% ]Ɋ& !X@% F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=56cbd957-2ffa-4755-8c27-32911532066a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tVerH**H@% ]Ɋ& !X@% F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=56cbd957-2ffa-4755-8c27-32911532066a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leHoH**H@% ]Ɋ& !X@% F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=56cbd957-2ffa-4755-8c27-32911532066a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stNH**:% ]Ɋ& !:% F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=56cbd957-2ffa-4755-8c27-32911532066a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d170c2fe-9e2b-41ff-b1b3-c98b4d615764 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsi**:% ]Ɋ& !:% F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=56cbd957-2ffa-4755-8c27-32911532066a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d170c2fe-9e2b-41ff-b1b3-c98b4d615764 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**Xmӵ% ]Ɋ& !Xmӵ% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9dac1f2d-2d4e-44df-b87a-44556070bc19 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SX**pmӵ% ]Ɋ& !Xmӵ% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9dac1f2d-2d4e-44df-b87a-44556070bc19 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hmӵ% ]Ɋ& !Xmӵ% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9dac1f2d-2d4e-44df-b87a-44556070bc19 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**`mӵ% ]Ɋ& !Xmӵ% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9dac1f2d-2d4e-44df-b87a-44556070bc19 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`mӵ% ]Ɋ& !Xmӵ% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9dac1f2d-2d4e-44df-b87a-44556070bc19 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll`**`mӵ% ]Ɋ& !Xmӵ% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9dac1f2d-2d4e-44df-b87a-44556070bc19 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**mӵ% ]Ɋ& !mӵ% F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9dac1f2d-2d4e-44df-b87a-44556070bc19 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4ab93037-64e2-479d-9021-34963df35fb6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**mӵ% ]Ɋ& !mӵ% F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9dac1f2d-2d4e-44df-b87a-44556070bc19 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4ab93037-64e2-479d-9021-34963df35fb6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uen**(l% ]Ɋ& !Xl% F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a1210764-a8dc-46c4-b765-6b2f957d782a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t(**@l% ]Ɋ& !Xl% F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a1210764-a8dc-46c4-b765-6b2f957d782a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@l% ]Ɋ& !Xl% F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a1210764-a8dc-46c4-b765-6b2f957d782a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**8l% ]Ɋ& !Xl% F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a1210764-a8dc-46c4-b765-6b2f957d782a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liz8**8l% ]Ɋ& !Xl% F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a1210764-a8dc-46c4-b765-6b2f957d782a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin8**8l% ]Ɋ& !Xl% F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a1210764-a8dc-46c4-b765-6b2f957d782a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8F& ElfChnk@gfMMu=VysMc&&** l% ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! m!l% F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a1210764-a8dc-46c4-b765-6b2f957d782a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=826c6d2d-f6a0-4f68-b11c-482c45597551 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sio **% ]Ɋ& !% F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a1210764-a8dc-46c4-b765-6b2f957d782a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=826c6d2d-f6a0-4f68-b11c-482c45597551 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izat**X]θ% ]Ɋ& !X]θ% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2dbef1f1-5d6e-4b00-b54f-c95acd5656a8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**p]θ% ]Ɋ& !X]θ% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2dbef1f1-5d6e-4b00-b54f-c95acd5656a8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bp**p]θ% ]Ɋ& !X]θ% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2dbef1f1-5d6e-4b00-b54f-c95acd5656a8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=opep**h]θ% ]Ɋ& !X]θ% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2dbef1f1-5d6e-4b00-b54f-c95acd5656a8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ltuh**h]θ% ]Ɋ& !X]θ% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2dbef1f1-5d6e-4b00-b54f-c95acd5656a8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**h]θ% ]Ɋ& !X]θ% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2dbef1f1-5d6e-4b00-b54f-c95acd5656a8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Idh**]θ% ]Ɋ&  !]θ% F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2dbef1f1-5d6e-4b00-b54f-c95acd5656a8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=12109e78-e5a1-4875-a9d6-8094b616918c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2o**f% ]Ɋ& !f% F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2dbef1f1-5d6e-4b00-b54f-c95acd5656a8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=12109e78-e5a1-4875-a9d6-8094b616918c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**f% ]Ɋ& '!Xf% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2c5cb8e0-5c4d-4a42-957b-7dfb18085d8e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**f% ]Ɋ& ?!Xf% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2c5cb8e0-5c4d-4a42-957b-7dfb18085d8e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**f% ]Ɋ& ;!Xf% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2c5cb8e0-5c4d-4a42-957b-7dfb18085d8e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**f% ]Ɋ& 3!Xf% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2c5cb8e0-5c4d-4a42-957b-7dfb18085d8e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**f% ]Ɋ& 3!Xf% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2c5cb8e0-5c4d-4a42-957b-7dfb18085d8e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**f% ]Ɋ& 5!Xf% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2c5cb8e0-5c4d-4a42-957b-7dfb18085d8e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0f% ]Ɋ& !f% F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2c5cb8e0-5c4d-4a42-957b-7dfb18085d8e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8f23ce8d-4cef-4659-9d45-408650fee690 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la0**@!% ]Ɋ& !!% F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2c5cb8e0-5c4d-4a42-957b-7dfb18085d8e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8f23ce8d-4cef-4659-9d45-408650fee690 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng -@**.g ]Ɋ& )!X.g F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=853ee1ed-503b-4d41-b166-bc5db19977a4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**.g ]Ɋ& A!X.g F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=853ee1ed-503b-4d41-b166-bc5db19977a4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eb-b**.g ]Ɋ& =!X.g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=853ee1ed-503b-4d41-b166-bc5db19977a4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**.g ]Ɋ& 5!X.g F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=853ee1ed-503b-4d41-b166-bc5db19977a4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**.g ]Ɋ& 5!X.g F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=853ee1ed-503b-4d41-b166-bc5db19977a4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**.g ]Ɋ& 7!X.g F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=853ee1ed-503b-4d41-b166-bc5db19977a4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**0.g ]Ɋ& !.g F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=853ee1ed-503b-4d41-b166-bc5db19977a4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f34e0108-9083-4bb1-a3a1-aab3adb15788 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@ ]Ɋ& ! F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=853ee1ed-503b-4d41-b166-bc5db19977a4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f34e0108-9083-4bb1-a3a1-aab3adb15788 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pel@**X[ ]Ɋ& !X[ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1bd24fb5-c7bf-47d5-a908-7944f1d87d74 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RX**p[ ]Ɋ& !X[ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1bd24fb5-c7bf-47d5-a908-7944f1d87d74 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersp**h[ ]Ɋ& !X[ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1bd24fb5-c7bf-47d5-a908-7944f1d87d74 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ph**`[ ]Ɋ& !X[ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1bd24fb5-c7bf-47d5-a908-7944f1d87d74 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**`[ ]Ɋ& !X[ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1bd24fb5-c7bf-47d5-a908-7944f1d87d74 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**h[ ]Ɋ& !X[ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1bd24fb5-c7bf-47d5-a908-7944f1d87d74 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**[ ]Ɋ&  ![ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1bd24fb5-c7bf-47d5-a908-7944f1d87d74 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03df03b9-f9a7-4432-89d8-cedf92c77799 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**[ ]Ɋ& ![ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1bd24fb5-c7bf-47d5-a908-7944f1d87d74 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03df03b9-f9a7-4432-89d8-cedf92c77799 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:**8[ ]Ɋ& !X[ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c5f02aed-f8c7-4a56-8625-e7b145c28953 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt8**P[ ]Ɋ& !X[ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c5f02aed-f8c7-4a56-8625-e7b145c28953 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipP**P[ ]Ɋ& !X[ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c5f02aed-f8c7-4a56-8625-e7b145c28953 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CommP**H[ ]Ɋ& !X[ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c5f02aed-f8c7-4a56-8625-e7b145c28953 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H[ ]Ɋ& !X[ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c5f02aed-f8c7-4a56-8625-e7b145c28953 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PipH**H[ ]Ɋ& !X[ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c5f02aed-f8c7-4a56-8625-e7b145c28953 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspH**[ ]Ɋ& ![ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c5f02aed-f8c7-4a56-8625-e7b145c28953 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7cb841e5-75df-4dff-9d1b-ae2d1a61378c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**[ ]Ɋ& ![ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c5f02aed-f8c7-4a56-8625-e7b145c28953 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7cb841e5-75df-4dff-9d1b-ae2d1a61378c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**X0 ]Ɋ& !X0 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9ca4622e-d6a4-4107-a8d3-d9873161b5aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIdX**p0 ]Ɋ& !X0 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9ca4622e-d6a4-4107-a8d3-d9873161b5aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obalp**h0 ]Ɋ& !X0 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9ca4622e-d6a4-4107-a8d3-d9873161b5aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=x h**`0 ]Ɋ& !X0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9ca4622e-d6a4-4107-a8d3-d9873161b5aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`0 ]Ɋ& !X0 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9ca4622e-d6a4-4107-a8d3-d9873161b5aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`0 ]Ɋ& !X0 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9ca4622e-d6a4-4107-a8d3-d9873161b5aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**0 ]Ɋ& !0 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9ca4622e-d6a4-4107-a8d3-d9873161b5aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=23d63fb0-cbbc-47c6-85de-86eb500a7e97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**0 ]Ɋ& !0 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9ca4622e-d6a4-4107-a8d3-d9873161b5aa HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=23d63fb0-cbbc-47c6-85de-86eb500a7e97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= EnneVersion=  ]Ɋ& maX0 F&ndPath= CommandLine=8F& ElfChnk rm:Mu=VysMc&&**0 0 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X0 F&F%g>9{p(xlMD EventDatauoData !Binary\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=84c77f85-438d-45da-a60c-530dfd25a1ae HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0 **@0 ]Ɋ& !X0 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=84c77f85-438d-45da-a60c-530dfd25a1ae HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P@**@0 ]Ɋ& !X0 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=84c77f85-438d-45da-a60c-530dfd25a1ae HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lue@**80 ]Ɋ& !X0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=84c77f85-438d-45da-a60c-530dfd25a1ae HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndo8**80 ]Ɋ& !X0 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=84c77f85-438d-45da-a60c-530dfd25a1ae HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 8**80 ]Ɋ& !X0 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=84c77f85-438d-45da-a60c-530dfd25a1ae HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er8**0 ]Ɋ& !0 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=84c77f85-438d-45da-a60c-530dfd25a1ae HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b8fed32c-c1ae-4e2d-a34c-802b73ad7d6f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]θ**ɻ ]Ɋ& !ɻ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=84c77f85-438d-45da-a60c-530dfd25a1ae HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b8fed32c-c1ae-4e2d-a34c-802b73ad7d6f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cd0727f7-40db-4f7f-bf6d-f4954525cf29 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cd0727f7-40db-4f7f-bf6d-f4954525cf29 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cd0727f7-40db-4f7f-bf6d-f4954525cf29 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rinp**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cd0727f7-40db-4f7f-bf6d-f4954525cf29 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cd0727f7-40db-4f7f-bf6d-f4954525cf29 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipth**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cd0727f7-40db-4f7f-bf6d-f4954525cf29 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cd0727f7-40db-4f7f-bf6d-f4954525cf29 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=68ffd56d-fa0e-4321-9876-04e590c1e764 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eg**K ]Ɋ& !K F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cd0727f7-40db-4f7f-bf6d-f4954525cf29 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=68ffd56d-fa0e-4321-9876-04e590c1e764 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8e0-**+ ]Ɋ& '!X+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=da3bdc51-abe3-4cec-bac3-923b0c8f47f8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**+ ]Ɋ& ?!X+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=da3bdc51-abe3-4cec-bac3-923b0c8f47f8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**+ ]Ɋ& ;!X+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=da3bdc51-abe3-4cec-bac3-923b0c8f47f8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **+ ]Ɋ& 3!X+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=da3bdc51-abe3-4cec-bac3-923b0c8f47f8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**+ ]Ɋ& 3!X+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=da3bdc51-abe3-4cec-bac3-923b0c8f47f8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **+ ]Ɋ& 5!X+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=da3bdc51-abe3-4cec-bac3-923b0c8f47f8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0+ ]Ɋ& !+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=da3bdc51-abe3-4cec-bac3-923b0c8f47f8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7847c1f6-879b-437e-9f5d-6b0137f6353e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si0**@xľ ]Ɋ& !xľ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=da3bdc51-abe3-4cec-bac3-923b0c8f47f8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7847c1f6-879b-437e-9f5d-6b0137f6353e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**Q[Ե ]Ɋ& )!XQ[Ե F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3d8e8b7f-ebc5-4197-9440-baf897362d1e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**Q[Ե ]Ɋ& A!XQ[Ե F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3d8e8b7f-ebc5-4197-9440-baf897362d1e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**Q[Ե ]Ɋ& =!XQ[Ե F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3d8e8b7f-ebc5-4197-9440-baf897362d1e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mI**Q[Ե ]Ɋ& 5!XQ[Ե F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3d8e8b7f-ebc5-4197-9440-baf897362d1e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-c**Q[Ե ]Ɋ& 5!XQ[Ե F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3d8e8b7f-ebc5-4197-9440-baf897362d1e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**Q[Ե ]Ɋ& 7!XQ[Ե F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3d8e8b7f-ebc5-4197-9440-baf897362d1e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**0Q[Ե ]Ɋ& !Q[Ե F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3d8e8b7f-ebc5-4197-9440-baf897362d1e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bee2bda7-077e-4bd1-8fc7-f72f33662144 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@Ե ]Ɋ& !Ե F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3d8e8b7f-ebc5-4197-9440-baf897362d1e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bee2bda7-077e-4bd1-8fc7-f72f33662144 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X~Ե ]Ɋ& !X~Ե F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=add5b39a-3e4a-412b-b6a8-013328bc6b1a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= X**p~Ե ]Ɋ& !X~Ե F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=add5b39a-3e4a-412b-b6a8-013328bc6b1a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h~Ե ]Ɋ& !X~Ե F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=add5b39a-3e4a-412b-b6a8-013328bc6b1a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`~Ե ]Ɋ& !X~Ե F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=add5b39a-3e4a-412b-b6a8-013328bc6b1a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`~Ե ]Ɋ& !X~Ե F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=add5b39a-3e4a-412b-b6a8-013328bc6b1a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h~Ե ]Ɋ& !X~Ե F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=add5b39a-3e4a-412b-b6a8-013328bc6b1a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**~Ե ]Ɋ&  !~Ե F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=add5b39a-3e4a-412b-b6a8-013328bc6b1a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=037a0cbd-dbbf-4251-ac56-a8f0364b4515 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=None**~Ե ]Ɋ& !~Ե F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=add5b39a-3e4a-412b-b6a8-013328bc6b1a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=037a0cbd-dbbf-4251-ac56-a8f0364b4515 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**8~Ե ]Ɋ& !X~Ե F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c31d5f3b-aad5-43a6-ac02-5a3307eb2a68 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P~Ե ]Ɋ& !X~Ե F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c31d5f3b-aad5-43a6-ac02-5a3307eb2a68 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P~Ե ]Ɋ& !X~Ե F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c31d5f3b-aad5-43a6-ac02-5a3307eb2a68 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H~Ե ]Ɋ& !X~Ե F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c31d5f3b-aad5-43a6-ac02-5a3307eb2a68 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H ~Ե ]Ɋ& !X~Ե  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c31d5f3b-aad5-43a6-ac02-5a3307eb2a68 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H ~Ե ]Ɋ& !X~Ե  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c31d5f3b-aad5-43a6-ac02-5a3307eb2a68 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H** ~Ե ]Ɋ& !~Ե  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c31d5f3b-aad5-43a6-ac02-5a3307eb2a68 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8af1d73c-06b4-4bb0-8ae5-651e3fb47f12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ~Ե ]Ɋ& !~Ե  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c31d5f3b-aad5-43a6-ac02-5a3307eb2a68 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8af1d73c-06b4-4bb0-8ae5-651e3fb47f12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X %Ե ]Ɋ& !X%Ե  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=08fd9317-6714-45cf-bf35-d858e8b894f1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mandXne= En ]Ɋ& X%Ե F& F&ndPath= CommandLine=8F& ElfChnk>>@ATpтMu=VysMc&&**p%Ե ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! Q!X%Ե F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=08fd9317-6714-45cf-bf35-d858e8b894f1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ip**h%Ե ]Ɋ& !X%Ե F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=08fd9317-6714-45cf-bf35-d858e8b894f1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o]h**`%Ե ]Ɋ& !X%Ե F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=08fd9317-6714-45cf-bf35-d858e8b894f1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st`**`%Ե ]Ɋ& !X%Ե F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=08fd9317-6714-45cf-bf35-d858e8b894f1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7f`**`%Ե ]Ɋ& !X%Ե F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=08fd9317-6714-45cf-bf35-d858e8b894f1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**%Ե ]Ɋ& !%Ե F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=08fd9317-6714-45cf-bf35-d858e8b894f1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5ce3cf13-127e-480a-adcc-f1a7f36afc7c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**%Ե ]Ɋ& !%Ե F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=08fd9317-6714-45cf-bf35-d858e8b894f1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5ce3cf13-127e-480a-adcc-f1a7f36afc7c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(%Ե ]Ɋ& !X%Ե F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1a21222d-67d4-4d7a-9e21-c60f7e28f86a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N(**@%Ե ]Ɋ& !X%Ե F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1a21222d-67d4-4d7a-9e21-c60f7e28f86a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I@**@%Ե ]Ɋ& !X%Ե F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1a21222d-67d4-4d7a-9e21-c60f7e28f86a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sys@**8%Ե ]Ɋ& !X%Ե F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1a21222d-67d4-4d7a-9e21-c60f7e28f86a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8%Ե ]Ɋ& !X%Ե F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1a21222d-67d4-4d7a-9e21-c60f7e28f86a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=App8**8%Ե ]Ɋ& !X%Ե F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1a21222d-67d4-4d7a-9e21-c60f7e28f86a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=un8**Ե ]Ɋ& !Ե F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1a21222d-67d4-4d7a-9e21-c60f7e28f86a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c5e911b0-4060-4105-ae0b-a051de4c878d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**AVԵ ]Ɋ& !AVԵ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1a21222d-67d4-4d7a-9e21-c60f7e28f86a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c5e911b0-4060-4105-ae0b-a051de4c878d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**XԵ ]Ɋ& !XԵ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=65cdd799-0c61-4e76-b5e2-0186769f081d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pԵ ]Ɋ& !XԵ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=65cdd799-0c61-4e76-b5e2-0186769f081d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8p**pԵ ]Ɋ& !XԵ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=65cdd799-0c61-4e76-b5e2-0186769f081d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthp**h Ե ]Ɋ& !XԵ  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=65cdd799-0c61-4e76-b5e2-0186769f081d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**h!Ե ]Ɋ& !XԵ! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=65cdd799-0c61-4e76-b5e2-0186769f081d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h"Ե ]Ɋ& !XԵ" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=65cdd799-0c61-4e76-b5e2-0186769f081d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**#nԵ ]Ɋ&  !nԵ# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=65cdd799-0c61-4e76-b5e2-0186769f081d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dbcea947-05b9-4b4f-9657-376635db4878 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **$nԵ ]Ɋ& !nԵ$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=65cdd799-0c61-4e76-b5e2-0186769f081d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dbcea947-05b9-4b4f-9657-376635db4878 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4ce**% Ե ]Ɋ& '!X Ե% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=93076c31-e123-4a0c-9380-24fd7d29aec0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1**& Ե ]Ɋ& ?!X Ե& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=93076c31-e123-4a0c-9380-24fd7d29aec0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**' Ե ]Ɋ& ;!X Ե' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=93076c31-e123-4a0c-9380-24fd7d29aec0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=que**( Ե ]Ɋ& 3!X Ե( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=93076c31-e123-4a0c-9380-24fd7d29aec0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**) Ե ]Ɋ& 3!X Ե) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=93076c31-e123-4a0c-9380-24fd7d29aec0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc*** Ե ]Ɋ& 5!X Ե* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=93076c31-e123-4a0c-9380-24fd7d29aec0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0+ Ե ]Ɋ& ! Ե+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=93076c31-e123-4a0c-9380-24fd7d29aec0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=eb6bbd91-d0cf-478e-9f45-31f3d48df448 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@,Ե ]Ɋ& !Ե, F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=93076c31-e123-4a0c-9380-24fd7d29aec0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=eb6bbd91-d0cf-478e-9f45-31f3d48df448 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== @**-t,M8 ]Ɋ& )!Xt,M8- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ed9f833a-9187-48b8-8091-2aef79756c27 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersi**.t,M8 ]Ɋ& A!Xt,M8. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ed9f833a-9187-48b8-8091-2aef79756c27 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**/t,M8 ]Ɋ& =!Xt,M8/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ed9f833a-9187-48b8-8091-2aef79756c27 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **0t,M8 ]Ɋ& 5!Xt,M80 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ed9f833a-9187-48b8-8091-2aef79756c27 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2b**1t,M8 ]Ɋ& 5!Xt,M81 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ed9f833a-9187-48b8-8091-2aef79756c27 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**2t,M8 ]Ɋ& 7!Xt,M82 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ed9f833a-9187-48b8-8091-2aef79756c27 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**03t,M8 ]Ɋ& !t,M83 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ed9f833a-9187-48b8-8091-2aef79756c27 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7d3e264c-5d3d-49fe-9feb-4640433cab94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v0**@4 M8 ]Ɋ& ! M84 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ed9f833a-9187-48b8-8091-2aef79756c27 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7d3e264c-5d3d-49fe-9feb-4640433cab94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X5 M8 ]Ɋ& !X M85 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3235abf4-f44e-408d-8db9-e26350c8a859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p6 M8 ]Ɋ& !X M86 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3235abf4-f44e-408d-8db9-e26350c8a859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h7 M8 ]Ɋ& !X M87 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3235abf4-f44e-408d-8db9-e26350c8a859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`8 M8 ]Ɋ& !X M88 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3235abf4-f44e-408d-8db9-e26350c8a859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`9 M8 ]Ɋ& !X M89 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3235abf4-f44e-408d-8db9-e26350c8a859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h: M8 ]Ɋ& !X M8: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3235abf4-f44e-408d-8db9-e26350c8a859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**; M8 ]Ɋ&  ! M8; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3235abf4-f44e-408d-8db9-e26350c8a859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f993df85-141b-406b-a84b-00ea77500c46 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wEng**<]N8 ]Ɋ& !]N8< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3235abf4-f44e-408d-8db9-e26350c8a859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f993df85-141b-406b-a84b-00ea77500c46 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **8=]N8 ]Ɋ& !X]N8= F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=423ae214-6979-45df-a310-8dbbbbf67139 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**P>]N8 ]Ɋ& !X]N8> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=423ae214-6979-45df-a310-8dbbbbf67139 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PF& F&ndPath= CommandLine=8F& ElfChnk?o?o Z|~[Mu=VysMc&&**P?]N8 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! 1!X]N8? F&F%g>9{p(xlMD EventDatauoData !Binary~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=423ae214-6979-45df-a310-8dbbbbf67139 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CP**H@]N8 ]Ɋ& !X]N8@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=423ae214-6979-45df-a310-8dbbbbf67139 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**HA]N8 ]Ɋ& !X]N8A F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=423ae214-6979-45df-a310-8dbbbbf67139 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ScrH**HB]N8 ]Ɋ& !X]N8B F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=423ae214-6979-45df-a310-8dbbbbf67139 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manH**C]N8 ]Ɋ& !]N8C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=423ae214-6979-45df-a310-8dbbbbf67139 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=089b9c67-8460-44e5-9c16-f8b175e57e6c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**D]N8 ]Ɋ& !]N8D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=423ae214-6979-45df-a310-8dbbbbf67139 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=089b9c67-8460-44e5-9c16-f8b175e57e6c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**XE]N8 ]Ɋ& !X]N8E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d3a01aef-ad7a-47e0-89da-beddac7d0732 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PipeX**pF]N8 ]Ɋ& !X]N8F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d3a01aef-ad7a-47e0-89da-beddac7d0732 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**hG]N8 ]Ɋ& !X]N8G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d3a01aef-ad7a-47e0-89da-beddac7d0732 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:Ph**`H]N8 ]Ɋ& !X]N8H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d3a01aef-ad7a-47e0-89da-beddac7d0732 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7e`**`I]N8 ]Ɋ& !X]N8I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d3a01aef-ad7a-47e0-89da-beddac7d0732 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta`**`J]N8 ]Ɋ& !X]N8J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d3a01aef-ad7a-47e0-89da-beddac7d0732 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**K]N8 ]Ɋ& !]N8K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d3a01aef-ad7a-47e0-89da-beddac7d0732 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e1ace1cc-7699-470b-94d3-94b87491218b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**L]N8 ]Ɋ& !]N8L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d3a01aef-ad7a-47e0-89da-beddac7d0732 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e1ace1cc-7699-470b-94d3-94b87491218b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**(M8N8 ]Ɋ& !X8N8M F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9ada514b-ae4c-4b3b-a4b2-dcce2c02c3cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1(**@N8N8 ]Ɋ& !X8N8N F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9ada514b-ae4c-4b3b-a4b2-dcce2c02c3cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@O8N8 ]Ɋ& !X8N8O F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9ada514b-ae4c-4b3b-a4b2-dcce2c02c3cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l='@**8P8N8 ]Ɋ& !X8N8P F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9ada514b-ae4c-4b3b-a4b2-dcce2c02c3cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Win8**8Q8N8 ]Ɋ& !X8N8Q F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9ada514b-ae4c-4b3b-a4b2-dcce2c02c3cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C8**8R8N8 ]Ɋ& !X8N8R F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9ada514b-ae4c-4b3b-a4b2-dcce2c02c3cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**S8N8 ]Ɋ& !8N8S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9ada514b-ae4c-4b3b-a4b2-dcce2c02c3cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ab18e7b9-1d3a-4be0-8561-8d3ba74406ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **TΎO8 ]Ɋ& !ΎO8T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9ada514b-ae4c-4b3b-a4b2-dcce2c02c3cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ab18e7b9-1d3a-4be0-8561-8d3ba74406ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=)))}**XUP8 ]Ɋ& !XP8U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d5e16501-56f1-4313-aa15-1d903c109541 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pVP8 ]Ɋ& !XP8V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d5e16501-56f1-4313-aa15-1d903c109541 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**pWP8 ]Ɋ& !XP8W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d5e16501-56f1-4313-aa15-1d903c109541 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=balp**hXP8 ]Ɋ& !XP8X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d5e16501-56f1-4313-aa15-1d903c109541 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-Sh**hYP8 ]Ɋ& !XP8Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d5e16501-56f1-4313-aa15-1d903c109541 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**hZP8 ]Ɋ& !XP8Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d5e16501-56f1-4313-aa15-1d903c109541 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**[P8 ]Ɋ&  !P8[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d5e16501-56f1-4313-aa15-1d903c109541 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fca33b68-1398-46d8-ad8b-1015b585ee0f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**\P8 ]Ɋ& !P8\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d5e16501-56f1-4313-aa15-1d903c109541 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fca33b68-1398-46d8-ad8b-1015b585ee0f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Seq**]XQ8 ]Ɋ& '!XXQ8] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ccc4ca57-7000-4a94-846f-cad052763b1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**^XQ8 ]Ɋ& ?!XXQ8^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ccc4ca57-7000-4a94-846f-cad052763b1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**_XQ8 ]Ɋ& ;!XXQ8_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ccc4ca57-7000-4a94-846f-cad052763b1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**`XQ8 ]Ɋ& 3!XXQ8` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ccc4ca57-7000-4a94-846f-cad052763b1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, **aXQ8 ]Ɋ& 3!XXQ8a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ccc4ca57-7000-4a94-846f-cad052763b1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**bXQ8 ]Ɋ& 5!XXQ8b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ccc4ca57-7000-4a94-846f-cad052763b1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| **0cXQ8 ]Ɋ& !XQ8c F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ccc4ca57-7000-4a94-846f-cad052763b1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a412c4ac-44d5-40d7-96e6-ed591d238bc3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ou0**@d(Q8 ]Ɋ& !(Q8d F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ccc4ca57-7000-4a94-846f-cad052763b1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a412c4ac-44d5-40d7-96e6-ed591d238bc3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId@**e% ]Ɋ& )!X%e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=17a7a6d1-964d-41de-a32c-263ee4ca99f0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**f% ]Ɋ& A!X%f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=17a7a6d1-964d-41de-a32c-263ee4ca99f0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=shel**g% ]Ɋ& =!X%g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=17a7a6d1-964d-41de-a32c-263ee4ca99f0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**h% ]Ɋ& 5!X%h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=17a7a6d1-964d-41de-a32c-263ee4ca99f0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**i% ]Ɋ& 5!X%i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=17a7a6d1-964d-41de-a32c-263ee4ca99f0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**j% ]Ɋ& 7!X%j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=17a7a6d1-964d-41de-a32c-263ee4ca99f0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0k% ]Ɋ& !%k F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=17a7a6d1-964d-41de-a32c-263ee4ca99f0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=47aefc61-97e8-445b-8445-acf10a533b48 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@lxn& ]Ɋ& !xn&l F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=17a7a6d1-964d-41de-a32c-263ee4ca99f0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=47aefc61-97e8-445b-8445-acf10a533b48 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rip@**Xm;8( ]Ɋ& !X;8(m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2072f689-4e13-4f96-bfec-f02ee5d52ca2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=00cX**pn;8( ]Ɋ& !X;8(n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2072f689-4e13-4f96-bfec-f02ee5d52ca2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNap**ho;8( ]Ɋ& !X;8(o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2072f689-4e13-4f96-bfec-f02ee5d52ca2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& X;8(p F&dLine=8F& ElfChnkpp(_NTJoMu=VysMc&&**hp;8( ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!X;8(p F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2072f689-4e13-4f96-bfec-f02ee5d52ca2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Nh**`q;8( ]Ɋ& !X;8(q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2072f689-4e13-4f96-bfec-f02ee5d52ca2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hr;8( ]Ɋ& !X;8(r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2072f689-4e13-4f96-bfec-f02ee5d52ca2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**s;8( ]Ɋ&  !;8(s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2072f689-4e13-4f96-bfec-f02ee5d52ca2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8ee7a3fd-6479-46f6-81f7-c640cb19dff3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**t;8( ]Ɋ& !;8(t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2072f689-4e13-4f96-bfec-f02ee5d52ca2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8ee7a3fd-6479-46f6-81f7-c640cb19dff3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**8u;8( ]Ɋ& !X;8(u F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dc3fb44a-141d-4954-a781-d58ed0e9bc87 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pv;8( ]Ɋ& !X;8(v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dc3fb44a-141d-4954-a781-d58ed0e9bc87 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Pw;8( ]Ɋ& !X;8(w F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dc3fb44a-141d-4954-a781-d58ed0e9bc87 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hx;8( ]Ɋ& !X;8(x F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dc3fb44a-141d-4954-a781-d58ed0e9bc87 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hy;8( ]Ɋ& !X;8(y F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dc3fb44a-141d-4954-a781-d58ed0e9bc87 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hz;8( ]Ɋ& !X;8(z F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dc3fb44a-141d-4954-a781-d58ed0e9bc87 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**{;8( ]Ɋ& !;8({ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dc3fb44a-141d-4954-a781-d58ed0e9bc87 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb5bf666-e55d-410d-9629-cdeaafc929af PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|;8( ]Ɋ& !;8(| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dc3fb44a-141d-4954-a781-d58ed0e9bc87 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb5bf666-e55d-410d-9629-cdeaafc929af PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X}( ]Ɋ& !X(} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8fdff679-ac12-4c13-b024-3fa47aa2bddb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanX**p~( ]Ɋ& !X(~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8fdff679-ac12-4c13-b024-3fa47aa2bddb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ep**h( ]Ɋ& !X( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8fdff679-ac12-4c13-b024-3fa47aa2bddb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Glh**`( ]Ɋ& !X( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8fdff679-ac12-4c13-b024-3fa47aa2bddb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`( ]Ɋ& !X( F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8fdff679-ac12-4c13-b024-3fa47aa2bddb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`( ]Ɋ& !X( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8fdff679-ac12-4c13-b024-3fa47aa2bddb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**( ]Ɋ& !( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8fdff679-ac12-4c13-b024-3fa47aa2bddb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ff9358b2-0510-49db-b6ed-8ec00b1c2442 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**( ]Ɋ& !( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8fdff679-ac12-4c13-b024-3fa47aa2bddb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ff9358b2-0510-49db-b6ed-8ec00b1c2442 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**(( ]Ɋ& !X( F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f8486f35-30bb-463f-888b-15deb3dc0e5f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@( ]Ɋ& !X( F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f8486f35-30bb-463f-888b-15deb3dc0e5f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@**@( ]Ɋ& !X( F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f8486f35-30bb-463f-888b-15deb3dc0e5f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ins@**8( ]Ɋ& !X( F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f8486f35-30bb-463f-888b-15deb3dc0e5f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ode8**8( ]Ɋ& !X( F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f8486f35-30bb-463f-888b-15deb3dc0e5f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aa18**8( ]Ɋ& !X( F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f8486f35-30bb-463f-888b-15deb3dc0e5f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S8**( ]Ɋ& !( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f8486f35-30bb-463f-888b-15deb3dc0e5f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=901d8752-84ff-4c36-a3da-ababfa11f454 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**hi) ]Ɋ& !hi) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f8486f35-30bb-463f-888b-15deb3dc0e5f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=901d8752-84ff-4c36-a3da-ababfa11f454 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **X* ]Ɋ& !X* F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5369425f-f6cd-4f16-b61a-4d187b26a2f8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p* ]Ɋ& !X* F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5369425f-f6cd-4f16-b61a-4d187b26a2f8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p* ]Ɋ& !X* F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5369425f-f6cd-4f16-b61a-4d187b26a2f8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tedp**h* ]Ɋ& !X* F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5369425f-f6cd-4f16-b61a-4d187b26a2f8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**h* ]Ɋ& !X* F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5369425f-f6cd-4f16-b61a-4d187b26a2f8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**h* ]Ɋ& !X* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5369425f-f6cd-4f16-b61a-4d187b26a2f8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h*** ]Ɋ&  !* F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5369425f-f6cd-4f16-b61a-4d187b26a2f8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7e8d32b5-c3cf-40b9-9f2a-e0c25678f20b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **,3+ ]Ɋ& !,3+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5369425f-f6cd-4f16-b61a-4d187b26a2f8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7e8d32b5-c3cf-40b9-9f2a-e0c25678f20b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 **,3+ ]Ɋ& '!X,3+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee908bcc-9a6a-4a75-a1b5-f3afcf21175b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**,3+ ]Ɋ& ?!X,3+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee908bcc-9a6a-4a75-a1b5-f3afcf21175b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**,3+ ]Ɋ& ;!X,3+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee908bcc-9a6a-4a75-a1b5-f3afcf21175b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**,3+ ]Ɋ& 3!X,3+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee908bcc-9a6a-4a75-a1b5-f3afcf21175b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pac**,3+ ]Ɋ& 3!X,3+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee908bcc-9a6a-4a75-a1b5-f3afcf21175b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS**,3+ ]Ɋ& 5!X,3+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee908bcc-9a6a-4a75-a1b5-f3afcf21175b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**0,3+ ]Ɋ& !,3+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee908bcc-9a6a-4a75-a1b5-f3afcf21175b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a1a7c764-afb1-438c-8717-97dae7afe1d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@+ ]Ɋ& !+ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee908bcc-9a6a-4a75-a1b5-f3afcf21175b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a1a7c764-afb1-438c-8717-97dae7afe1d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman@**PN ]Ɋ& )!XPN F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9d77c3b3-966a-45f4-a538-a6bc5772b1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w**PN ]Ɋ& A!XPN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9d77c3b3-966a-45f4-a538-a6bc5772b1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**PN ]Ɋ& =!XPN F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9d77c3b3-966a-45f4-a538-a6bc5772b1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNXPN F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& X;8(p F&dLine=8F& ElfChnkp i-Mu=VysMc&&**PN ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XPN F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9d77c3b3-966a-45f4-a538-a6bc5772b1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **PN ]Ɋ& 5!XPN F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9d77c3b3-966a-45f4-a538-a6bc5772b1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 6**PN ]Ɋ& 7!XPN F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9d77c3b3-966a-45f4-a538-a6bc5772b1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0PN ]Ɋ& !PN F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9d77c3b3-966a-45f4-a538-a6bc5772b1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=33eec987-3e71-433a-9982-fd8f66f21738 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@N ]Ɋ& !N F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9d77c3b3-966a-45f4-a538-a6bc5772b1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=33eec987-3e71-433a-9982-fd8f66f21738 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=52c@**XN ]Ɋ& !XN F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4e32e5ca-7f44-4851-935b-e21c9f7b3fd5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=HosX**pN ]Ɋ& !XN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4e32e5ca-7f44-4851-935b-e21c9f7b3fd5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=141p**hN ]Ɋ& !XN F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4e32e5ca-7f44-4851-935b-e21c9f7b3fd5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5h**`N ]Ɋ& !XN F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4e32e5ca-7f44-4851-935b-e21c9f7b3fd5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`N ]Ɋ& !XN F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4e32e5ca-7f44-4851-935b-e21c9f7b3fd5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hN ]Ɋ& !XN F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4e32e5ca-7f44-4851-935b-e21c9f7b3fd5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hellh**N ]Ɋ&  !N F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4e32e5ca-7f44-4851-935b-e21c9f7b3fd5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7762881f-9eca-4fa2-9d51-49a964bb3537 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rusS**N ]Ɋ& !N F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4e32e5ca-7f44-4851-935b-e21c9f7b3fd5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7762881f-9eca-4fa2-9d51-49a964bb3537 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**8}6O ]Ɋ& !X}6O F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e6cc4588-191d-4f5c-a0f9-6b9a5078ee71 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t\8**P}6O ]Ɋ& !X}6O F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e6cc4588-191d-4f5c-a0f9-6b9a5078ee71 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t P**P}6O ]Ɋ& !X}6O F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e6cc4588-191d-4f5c-a0f9-6b9a5078ee71 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ell P**H}6O ]Ɋ& !X}6O F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e6cc4588-191d-4f5c-a0f9-6b9a5078ee71 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tionH**H}6O ]Ɋ& !X}6O F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e6cc4588-191d-4f5c-a0f9-6b9a5078ee71 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**H}6O ]Ɋ& !X}6O F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e6cc4588-191d-4f5c-a0f9-6b9a5078ee71 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a47H**}6O ]Ɋ& !}6O F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e6cc4588-191d-4f5c-a0f9-6b9a5078ee71 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=490a8a1c-e498-4046-aede-93b57adc0611 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**}6O ]Ɋ& !}6O F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e6cc4588-191d-4f5c-a0f9-6b9a5078ee71 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=490a8a1c-e498-4046-aede-93b57adc0611 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**X}6O ]Ɋ& !X}6O F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ef12dc4e-4590-407f-bb56-cf7d1346d174 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f848X**p}6O ]Ɋ& !X}6O F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ef12dc4e-4590-407f-bb56-cf7d1346d174 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent p**h}6O ]Ɋ& !X}6O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ef12dc4e-4590-407f-bb56-cf7d1346d174 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`}6O ]Ɋ& !X}6O F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ef12dc4e-4590-407f-bb56-cf7d1346d174 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co`**`}6O ]Ɋ& !X}6O F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ef12dc4e-4590-407f-bb56-cf7d1346d174 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`}6O ]Ɋ& !X}6O F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ef12dc4e-4590-407f-bb56-cf7d1346d174 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:`**}6O ]Ɋ& !}6O F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ef12dc4e-4590-407f-bb56-cf7d1346d174 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f5813e74-8b69-421b-b9f7-1b1001ba7cd2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**}6O ]Ɋ& !}6O F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ef12dc4e-4590-407f-bb56-cf7d1346d174 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f5813e74-8b69-421b-b9f7-1b1001ba7cd2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f35**(O ]Ɋ& !XO F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=be0a823d-cafe-4768-bbf2-b03519bc2bd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@O ]Ɋ& !XO F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=be0a823d-cafe-4768-bbf2-b03519bc2bd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t@**@O ]Ɋ& !XO F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=be0a823d-cafe-4768-bbf2-b03519bc2bd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8O ]Ɋ& !XO F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=be0a823d-cafe-4768-bbf2-b03519bc2bd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Str8**8O ]Ɋ& !XO F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=be0a823d-cafe-4768-bbf2-b03519bc2bd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=';e8**8O ]Ɋ& !XO F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=be0a823d-cafe-4768-bbf2-b03519bc2bd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io8**O ]Ɋ& !O F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=be0a823d-cafe-4768-bbf2-b03519bc2bd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8d923107-a690-4bef-a4b2-89f88ae9d92d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=61**gP ]Ɋ& !gP F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=be0a823d-cafe-4768-bbf2-b03519bc2bd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8d923107-a690-4bef-a4b2-89f88ae9d92d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**XAQ ]Ɋ& !XAQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2dc0f45e-c06b-424c-afd4-d6608348997f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uX**pAQ ]Ɋ& !XAQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2dc0f45e-c06b-424c-afd4-d6608348997f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**pAQ ]Ɋ& !XAQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2dc0f45e-c06b-424c-afd4-d6608348997f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hAQ ]Ɋ& !XAQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2dc0f45e-c06b-424c-afd4-d6608348997f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt h**hAQ ]Ɋ& !XAQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2dc0f45e-c06b-424c-afd4-d6608348997f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsoh**hAQ ]Ɋ& !XAQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2dc0f45e-c06b-424c-afd4-d6608348997f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=17h**AQ ]Ɋ&  !AQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2dc0f45e-c06b-424c-afd4-d6608348997f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be2430d8-d1eb-48c3-b615-cb79a55ec5c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**טQ ]Ɋ& !טQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2dc0f45e-c06b-424c-afd4-d6608348997f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be2430d8-d1eb-48c3-b615-cb79a55ec5c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alue**n1R ]Ɋ& '!Xn1R F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=691f6047-6e8a-4bab-b2f7-a80465d15d81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**n1R ]Ɋ& ?!Xn1R F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=691f6047-6e8a-4bab-b2f7-a80465d15d81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**n1R ]Ɋ& ;!Xn1R F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=691f6047-6e8a-4bab-b2f7-a80465d15d81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**n1R ]Ɋ& 3!Xn1R F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=691f6047-6e8a-4bab-b2f7-a80465d15d81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Staed Seque ]Ɋ& ioXn1R F&45f4-a538-a6bc5772b1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNXPN F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& X;8(p F&dLine=8F& ElfChnkHOq3$kMu=VysMc&&** n1R ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xn1R F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=691f6047-6e8a-4bab-b2f7-a80465d15d81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **n1R ]Ɋ& 5!Xn1R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=691f6047-6e8a-4bab-b2f7-a80465d15d81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PN**0n1R ]Ɋ& !n1R F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=691f6047-6e8a-4bab-b2f7-a80465d15d81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=57eec88d-b13a-415c-a65c-936212924e3b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=530**@R ]Ɋ& !R F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=691f6047-6e8a-4bab-b2f7-a80465d15d81 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=57eec88d-b13a-415c-a65c-936212924e3b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co@**J ]Ɋ& )!XJ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8e9aed21-d397-48d0-bae0-2e8796e109ca HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **J ]Ɋ& A!XJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8e9aed21-d397-48d0-bae0-2e8796e109ca HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=play**J ]Ɋ& =!XJ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8e9aed21-d397-48d0-bae0-2e8796e109ca HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= r**J ]Ɋ& 5!XJ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8e9aed21-d397-48d0-bae0-2e8796e109ca HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9f**J ]Ɋ& 5!XJ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8e9aed21-d397-48d0-bae0-2e8796e109ca HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns**J ]Ɋ& 7!XJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8e9aed21-d397-48d0-bae0-2e8796e109ca HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**0J ]Ɋ& !J F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8e9aed21-d397-48d0-bae0-2e8796e109ca HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d60a42a5-909f-4978-8fae-9208becc3c93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@SJ ]Ɋ& !SJ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8e9aed21-d397-48d0-bae0-2e8796e109ca HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d60a42a5-909f-4978-8fae-9208becc3c93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**X J ]Ɋ& !X J F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7c7321b1-14cb-425c-9175-0823ded31e20 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&X**p J ]Ɋ& !X J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7c7321b1-14cb-425c-9175-0823ded31e20 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h J ]Ɋ& !X J F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7c7321b1-14cb-425c-9175-0823ded31e20 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` J ]Ɋ& !X J F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7c7321b1-14cb-425c-9175-0823ded31e20 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**` J ]Ɋ& !X J F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7c7321b1-14cb-425c-9175-0823ded31e20 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=}`**h J ]Ɋ& !X J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7c7321b1-14cb-425c-9175-0823ded31e20 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Fh** J ]Ɋ&  ! J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7c7321b1-14cb-425c-9175-0823ded31e20 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa9ae3c5-fb3c-4a95-84f7-da880ce57c1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oppe** J ]Ɋ& ! J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7c7321b1-14cb-425c-9175-0823ded31e20 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa9ae3c5-fb3c-4a95-84f7-da880ce57c1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de**8 J ]Ɋ& !X J F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=252bdd9c-0497-4a3a-a055-437dc017bf56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro8**P J ]Ɋ& !X J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=252bdd9c-0497-4a3a-a055-437dc017bf56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FP**P J ]Ɋ& !X J F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=252bdd9c-0497-4a3a-a055-437dc017bf56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=OP**H J ]Ɋ& !X J F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=252bdd9c-0497-4a3a-a055-437dc017bf56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**H J ]Ɋ& !X J F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=252bdd9c-0497-4a3a-a055-437dc017bf56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H J ]Ɋ& !X J F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=252bdd9c-0497-4a3a-a055-437dc017bf56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H** J ]Ɋ& ! J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=252bdd9c-0497-4a3a-a055-437dc017bf56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1ea9d858-c701-4fb4-8286-f293ef44bbbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**J ]Ɋ& !J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=252bdd9c-0497-4a3a-a055-437dc017bf56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1ea9d858-c701-4fb4-8286-f293ef44bbbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=O**XJ ]Ɋ& !XJ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d27f1919-f82d-4752-85e1-089ef9f97d88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= X**pJ ]Ɋ& !XJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d27f1919-f82d-4752-85e1-089ef9f97d88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**hJ ]Ɋ& !XJ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d27f1919-f82d-4752-85e1-089ef9f97d88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={h**`J ]Ɋ& !XJ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d27f1919-f82d-4752-85e1-089ef9f97d88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=68`**`J ]Ɋ& !XJ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d27f1919-f82d-4752-85e1-089ef9f97d88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi`**`J ]Ɋ& !XJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d27f1919-f82d-4752-85e1-089ef9f97d88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**J ]Ɋ& !J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d27f1919-f82d-4752-85e1-089ef9f97d88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3978570c-a88b-4bd8-a099-e7bab6cd7c6d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**J ]Ɋ& !J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d27f1919-f82d-4752-85e1-089ef9f97d88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3978570c-a88b-4bd8-a099-e7bab6cd7c6d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==8d**(J ]Ɋ& !XJ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=da4b55d2-23fa-44de-a7c5-33a2ad790032 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@J ]Ɋ& !XJ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=da4b55d2-23fa-44de-a7c5-33a2ad790032 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@J ]Ɋ& !XJ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=da4b55d2-23fa-44de-a7c5-33a2ad790032 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E\M@**8J ]Ɋ& !XJ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=da4b55d2-23fa-44de-a7c5-33a2ad790032 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8J ]Ɋ& !XJ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=da4b55d2-23fa-44de-a7c5-33a2ad790032 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8J ]Ɋ& !XJ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=da4b55d2-23fa-44de-a7c5-33a2ad790032 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eV8**J ]Ɋ& !J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=da4b55d2-23fa-44de-a7c5-33a2ad790032 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ba0aa8aa-8d84-489a-937b-1fe5000959ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[S**MJ ]Ɋ& !MJ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=da4b55d2-23fa-44de-a7c5-33a2ad790032 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ba0aa8aa-8d84-489a-937b-1fe5000959ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayVe**XzNJ ]Ɋ& !XzNJ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=faee3535-4df9-431f-b143-82baa4176415 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pzNJ ]Ɋ& !XzNJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=faee3535-4df9-431f-b143-82baa4176415 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**pzNJ ]Ɋ& !XzNJ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=faee3535-4df9-431f-b143-82baa4176415 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nstp**hzNJ ]Ɋ& !XzNJ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=faee3535-4df9-431f-b143-82baa4176415 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=perh**hzNJ ]Ɋ& !XzNJ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=faee3535-4df9-431f-b143-82baa4176415 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=::Gh**hzNJ ]Ɋ& !XzNJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=faee3535-4df9-431f-b143-82baa4176415 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= IhtalledOn -De ]Ɋ&  !zNJ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=faee3535-4df9-431f-b143-82baa4176415 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4f56626-7c29-4cd9-8e51-d9b55452fa10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk558p1]O<Mu=VysMc&&** zNJ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !zNJ F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=faee3535-4df9-431f-b143-82baa4176415 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4f56626-7c29-4cd9-8e51-d9b55452fa10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art **J ]Ɋ& !J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=faee3535-4df9-431f-b143-82baa4176415 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4f56626-7c29-4cd9-8e51-d9b55452fa10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=4**J ]Ɋ& '!XJ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c7270092-bfb6-4d72-a47f-cd39a2589022 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**J ]Ɋ& ?!XJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c7270092-bfb6-4d72-a47f-cd39a2589022 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**J ]Ɋ& ;!XJ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c7270092-bfb6-4d72-a47f-cd39a2589022 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**J ]Ɋ& 3!XJ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c7270092-bfb6-4d72-a47f-cd39a2589022 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi** J ]Ɋ& 3!XJ  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c7270092-bfb6-4d72-a47f-cd39a2589022 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== ** J ]Ɋ& 5!XJ  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c7270092-bfb6-4d72-a47f-cd39a2589022 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**0 J ]Ɋ& !J  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c7270092-bfb6-4d72-a47f-cd39a2589022 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=52e65c58-88eb-4f35-94c0-ba373e5656ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2a0**@ =J ]Ɋ& !=J  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c7270092-bfb6-4d72-a47f-cd39a2589022 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=52e65c58-88eb-4f35-94c0-ba373e5656ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d P@** '( ]Ɋ& )!X'(  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6816fc3a-bc0e-4de8-adad-2b344780598a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**'( ]Ɋ& A!X'( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6816fc3a-bc0e-4de8-adad-2b344780598a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**'( ]Ɋ& =!X'( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6816fc3a-bc0e-4de8-adad-2b344780598a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **'( ]Ɋ& 5!X'( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6816fc3a-bc0e-4de8-adad-2b344780598a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**'( ]Ɋ& 5!X'( F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6816fc3a-bc0e-4de8-adad-2b344780598a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cl**'( ]Ɋ& 7!X'( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6816fc3a-bc0e-4de8-adad-2b344780598a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0'( ]Ɋ& !'( F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6816fc3a-bc0e-4de8-adad-2b344780598a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=96046ce4-57bd-4104-8b50-3932039aeac0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@Y) ]Ɋ& !Y) F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6816fc3a-bc0e-4de8-adad-2b344780598a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=96046ce4-57bd-4104-8b50-3932039aeac0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art@**XY) ]Ɋ& !XY) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3216f676-3c88-4966-b750-c7ad5e700cfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d X**pY) ]Ɋ& !XY) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3216f676-3c88-4966-b750-c7ad5e700cfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=p**hY) ]Ɋ& !XY) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3216f676-3c88-4966-b750-c7ad5e700cfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ch**`Y) ]Ɋ& !XY) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3216f676-3c88-4966-b750-c7ad5e700cfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`Y) ]Ɋ& !XY) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3216f676-3c88-4966-b750-c7ad5e700cfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**hY) ]Ɋ& !XY) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3216f676-3c88-4966-b750-c7ad5e700cfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tId=h**Y) ]Ɋ&  !Y) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3216f676-3c88-4966-b750-c7ad5e700cfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=426843b2-b965-4e6b-94f6-db4eacf8c5ef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9c-0**Y) ]Ɋ& !Y) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3216f676-3c88-4966-b750-c7ad5e700cfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=426843b2-b965-4e6b-94f6-db4eacf8c5ef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**8Y) ]Ɋ& !XY) F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aff1ab5b-ffe5-4f89-ac04-4fcdad9602ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=828**PY) ]Ɋ& !XY) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aff1ab5b-ffe5-4f89-ac04-4fcdad9602ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tIP**PY) ]Ɋ& !XY) F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aff1ab5b-ffe5-4f89-ac04-4fcdad9602ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==4.0P**H Y) ]Ɋ& !XY)  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aff1ab5b-ffe5-4f89-ac04-4fcdad9602ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**H!Y) ]Ɋ& !XY)! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aff1ab5b-ffe5-4f89-ac04-4fcdad9602ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConsH**H"Y) ]Ɋ& !XY)" F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aff1ab5b-ffe5-4f89-ac04-4fcdad9602ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**#Y) ]Ɋ& !Y)# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aff1ab5b-ffe5-4f89-ac04-4fcdad9602ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b49f008f-63f1-48a6-b47e-4d660ffe4cc3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=equ**$) ]Ɋ& !)$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aff1ab5b-ffe5-4f89-ac04-4fcdad9602ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b49f008f-63f1-48a6-b47e-4d660ffe4cc3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**X%) ]Ɋ& !X)% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=780c2e20-817a-4c26-86e4-57e3cb669a88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p&) ]Ɋ& !X)& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=780c2e20-817a-4c26-86e4-57e3cb669a88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Scp**h') ]Ɋ& !X)' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=780c2e20-817a-4c26-86e4-57e3cb669a88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dOh**`() ]Ɋ& !X)( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=780c2e20-817a-4c26-86e4-57e3cb669a88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns`**`)) ]Ɋ& !X)) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=780c2e20-817a-4c26-86e4-57e3cb669a88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh`**`*) ]Ɋ& !X)* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=780c2e20-817a-4c26-86e4-57e3cb669a88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**+) ]Ɋ& !)+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=780c2e20-817a-4c26-86e4-57e3cb669a88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=82c6116c-1464-4e75-980a-30e0686ceca8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**,) ]Ɋ& !), F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=780c2e20-817a-4c26-86e4-57e3cb669a88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=82c6116c-1464-4e75-980a-30e0686ceca8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(-) ]Ɋ& !X)- F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5b6db7f4-6ec0-4ba0-8529-37d4a5c969a0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m(**@.) ]Ɋ& !X). F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5b6db7f4-6ec0-4ba0-8529-37d4a5c969a0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=U@**@/) ]Ɋ& !X)/ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5b6db7f4-6ec0-4ba0-8529-37d4a5c969a0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**80) ]Ɋ& !X)0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5b6db7f4-6ec0-4ba0-8529-37d4a5c969a0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ARE8**81) ]Ɋ& !X)1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5b6db7f4-6ec0-4ba0-8529-37d4a5c969a0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**82) ]Ɋ& !X)2 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5b6db7f4-6ec0-4ba0-8529-37d4a5c969a0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**3) ]Ɋ& !)3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5b6db7f4-6ec0-4ba0-8529-37d4a5c969a0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b4bdfd71-05a7-4b99-a2b2-edb0980529f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co**4L* ]Ɋ& !L*4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5b6db7f4-6ec0-4ba0-8529-37d4a5c969a0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b4bdfd71-05a7-4b99-a2b2-edb0980529f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInf**X5<- ]Ɋ& !X<-5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7addaad2-6d82-4140-a7ab-59988e84b464 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X<-6 F&aceId=a4f56626-7c29-4cd9-8e51-d9b55452fa10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk6g6g0X3oVPUMu=VysMc&&**x 6<- ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! W!X<-6 F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7addaad2-6d82-4140-a7ab-59988e84b464 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== x **p7<- ]Ɋ& !X<-7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7addaad2-6d82-4140-a7ab-59988e84b464 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== p**h8<- ]Ɋ& !X<-8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7addaad2-6d82-4140-a7ab-59988e84b464 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=h**h9<- ]Ɋ& !X<-9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7addaad2-6d82-4140-a7ab-59988e84b464 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h:<- ]Ɋ& !X<-: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7addaad2-6d82-4140-a7ab-59988e84b464 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**;<- ]Ɋ&  !<-; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7addaad2-6d82-4140-a7ab-59988e84b464 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70597f87-7d5c-4579-8ae0-73210a7647ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**<. ]Ɋ& !.< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7addaad2-6d82-4140-a7ab-59988e84b464 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70597f87-7d5c-4579-8ae0-73210a7647ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**=i. ]Ɋ& '!Xi.= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=14dbe33c-c974-47d0-82ef-e5090779133f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**>i. ]Ɋ& ?!Xi.> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=14dbe33c-c974-47d0-82ef-e5090779133f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**?i. ]Ɋ& ;!Xi.? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=14dbe33c-c974-47d0-82ef-e5090779133f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b34**@i. ]Ɋ& 3!Xi.@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=14dbe33c-c974-47d0-82ef-e5090779133f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Ai. ]Ɋ& 3!Xi.A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=14dbe33c-c974-47d0-82ef-e5090779133f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=447**Bi. ]Ɋ& 5!Xi.B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=14dbe33c-c974-47d0-82ef-e5090779133f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0Ci. ]Ɋ& !i.C F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=14dbe33c-c974-47d0-82ef-e5090779133f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=271a411e-cdec-430d-a863-8cf42657c1e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@DO/ ]Ɋ& !O/D F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=14dbe33c-c974-47d0-82ef-e5090779133f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=271a411e-cdec-430d-a863-8cf42657c1e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**EU ]Ɋ& )!XUE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=784ad595-6951-493f-882b-afdcb6a9f54a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **FU ]Ɋ& A!XUF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=784ad595-6951-493f-882b-afdcb6a9f54a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**GU ]Ɋ& =!XUG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=784ad595-6951-493f-882b-afdcb6a9f54a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**HU ]Ɋ& 5!XUH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=784ad595-6951-493f-882b-afdcb6a9f54a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**IU ]Ɋ& 5!XUI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=784ad595-6951-493f-882b-afdcb6a9f54a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**JU ]Ɋ& 7!XUJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=784ad595-6951-493f-882b-afdcb6a9f54a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0K= ]Ɋ& !=K F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=784ad595-6951-493f-882b-afdcb6a9f54a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=86350168-2c72-4936-8e33-19a368d41720 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@LԆ ]Ɋ& !ԆL F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=784ad595-6951-493f-882b-afdcb6a9f54a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=86350168-2c72-4936-8e33-19a368d41720 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**XMԆ ]Ɋ& !XԆM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=942589f7-d8e1-4228-9d3a-3fef77e7cd2e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pNԆ ]Ɋ& !XԆN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=942589f7-d8e1-4228-9d3a-3fef77e7cd2e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**hOԆ ]Ɋ& !XԆO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=942589f7-d8e1-4228-9d3a-3fef77e7cd2e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`PԆ ]Ɋ& !XԆP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=942589f7-d8e1-4228-9d3a-3fef77e7cd2e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`QԆ ]Ɋ& !XԆQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=942589f7-d8e1-4228-9d3a-3fef77e7cd2e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hRԆ ]Ɋ& !XԆR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=942589f7-d8e1-4228-9d3a-3fef77e7cd2e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**SԆ ]Ɋ&  !ԆS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=942589f7-d8e1-4228-9d3a-3fef77e7cd2e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6021ef4d-a2e7-4e75-b5c6-0dc74acf2ed3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**Tj ]Ɋ& !jT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=942589f7-d8e1-4228-9d3a-3fef77e7cd2e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6021ef4d-a2e7-4e75-b5c6-0dc74acf2ed3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8Uj ]Ɋ& !XjU F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=32b5cc38-8104-4353-b5f3-848e329ffd7d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**PVj ]Ɋ& !XjV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=32b5cc38-8104-4353-b5f3-848e329ffd7d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**PWj ]Ɋ& !XjW F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=32b5cc38-8104-4353-b5f3-848e329ffd7d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**HXj ]Ɋ& !XjX F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=32b5cc38-8104-4353-b5f3-848e329ffd7d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**HYj ]Ɋ& !XjY F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=32b5cc38-8104-4353-b5f3-848e329ffd7d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**HZj ]Ɋ& !XjZ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=32b5cc38-8104-4353-b5f3-848e329ffd7d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**[j ]Ɋ& !j[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=32b5cc38-8104-4353-b5f3-848e329ffd7d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c126b15c-599a-4a71-be7c-4bd4d3d2ef0d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**\j ]Ɋ& !j\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=32b5cc38-8104-4353-b5f3-848e329ffd7d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c126b15c-599a-4a71-be7c-4bd4d3d2ef0d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X]j ]Ɋ& !Xj] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1b2c834d-4e2f-4a83-9a9e-ecd57d0d5c6f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**p^j ]Ɋ& !Xj^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1b2c834d-4e2f-4a83-9a9e-ecd57d0d5c6f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**h_j ]Ɋ& !Xj_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1b2c834d-4e2f-4a83-9a9e-ecd57d0d5c6f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**``j ]Ɋ& !Xj` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1b2c834d-4e2f-4a83-9a9e-ecd57d0d5c6f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`aj ]Ɋ& !Xja F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1b2c834d-4e2f-4a83-9a9e-ecd57d0d5c6f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`bj ]Ɋ& !Xjb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1b2c834d-4e2f-4a83-9a9e-ecd57d0d5c6f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**cj ]Ɋ& !jc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1b2c834d-4e2f-4a83-9a9e-ecd57d0d5c6f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1362fe09-239e-4605-bf82-2fb46617c682 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**d ]Ɋ& !d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1b2c834d-4e2f-4a83-9a9e-ecd57d0d5c6f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1362fe09-239e-4605-bf82-2fb46617c682 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(e ]Ɋ& !Xe F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f08a909f-2951-44bc-8512-3b9707f2e21e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@f ]Ɋ& !Xf F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f08a909f-2951-44bc-8512-3b9707f2e21e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@g ]Ɋ& !Xg F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f08a909f-2951-44bc-8512-3b9707f2e21e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@ 65535 Eng ]Ɋ& ndXh F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X<-6 F&aceId=a4f56626-7c29-4cd9-8e51-d9b55452fa10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkhhp4r'&Mu=VysMc&&**8 h ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xh F&F%g>9{p(xlMD EventDatauoData !BinaryhFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f08a909f-2951-44bc-8512-3b9707f2e21e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8i ]Ɋ& !Xi F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f08a909f-2951-44bc-8512-3b9707f2e21e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er,8**8j ]Ɋ& !Xj F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f08a909f-2951-44bc-8512-3b9707f2e21e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\W8**k ]Ɋ& !k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f08a909f-2951-44bc-8512-3b9707f2e21e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=af542dc1-ccf9-430c-acf8-77b81f313368 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7a**lP ]Ɋ& !Pl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f08a909f-2951-44bc-8512-3b9707f2e21e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=af542dc1-ccf9-430c-acf8-77b81f313368 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iabl**Xmā ]Ɋ& !Xām F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b5466cb4-8f57-483c-8207-603fd8640bd9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pnā ]Ɋ& !Xān F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b5466cb4-8f57-483c-8207-603fd8640bd9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**poā ]Ɋ& !Xāo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b5466cb4-8f57-483c-8207-603fd8640bd9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hpā ]Ɋ& !Xāp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b5466cb4-8f57-483c-8207-603fd8640bd9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovih**hqā ]Ɋ& !Xāq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b5466cb4-8f57-483c-8207-603fd8640bd9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=h**hrā ]Ɋ& !Xār F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b5466cb4-8f57-483c-8207-603fd8640bd9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4-h**sā ]Ɋ&  !ās F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b5466cb4-8f57-483c-8207-603fd8640bd9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a9f965ee-18e5-4d2c-bb96-d09cf3c7f59d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-O**t[ ]Ɋ& ![t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b5466cb4-8f57-483c-8207-603fd8640bd9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a9f965ee-18e5-4d2c-bb96-d09cf3c7f59d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ies[**u[ ]Ɋ& '!X[u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=03db8e7d-cff9-47ff-a78f-b17aeba9de44 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**v[ ]Ɋ& ?!X[v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=03db8e7d-cff9-47ff-a78f-b17aeba9de44 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**w[ ]Ɋ& ;!X[w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=03db8e7d-cff9-47ff-a78f-b17aeba9de44 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**x[ ]Ɋ& 3!X[x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=03db8e7d-cff9-47ff-a78f-b17aeba9de44 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **y[ ]Ɋ& 3!X[y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=03db8e7d-cff9-47ff-a78f-b17aeba9de44 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsp**z[ ]Ɋ& 5!X[z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=03db8e7d-cff9-47ff-a78f-b17aeba9de44 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te**0{[ ]Ɋ& ![{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=03db8e7d-cff9-47ff-a78f-b17aeba9de44 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=cfa9b571-f257-448d-97c3-da72fa1cc9f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li0**@| ]Ɋ& !| F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=03db8e7d-cff9-47ff-a78f-b17aeba9de44 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=cfa9b571-f257-448d-97c3-da72fa1cc9f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nceN@**}b.] ]Ɋ& )!Xb.]} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=716420d1-1327-48db-bf75-70d8e81ee6a5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nmen**~b.] ]Ɋ& A!Xb.]~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=716420d1-1327-48db-bf75-70d8e81ee6a5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**b.] ]Ɋ& =!Xb.] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=716420d1-1327-48db-bf75-70d8e81ee6a5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h=**b.] ]Ɋ& 5!Xb.] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=716420d1-1327-48db-bf75-70d8e81ee6a5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**b.] ]Ɋ& 5!Xb.] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=716420d1-1327-48db-bf75-70d8e81ee6a5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**b.] ]Ɋ& 7!Xb.] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=716420d1-1327-48db-bf75-70d8e81ee6a5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**0b.] ]Ɋ& !b.] F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=716420d1-1327-48db-bf75-70d8e81ee6a5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1e3d378a-34fb-41d7-b0c2-b0982689444a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c0**@C/] ]Ɋ& !C/] F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=716420d1-1327-48db-bf75-70d8e81ee6a5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1e3d378a-34fb-41d7-b0c2-b0982689444a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e1-@**XC/] ]Ɋ& !XC/] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=614535f9-a423-49b6-a4f8-17b5455df3d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HX**pC/] ]Ɋ& !XC/] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=614535f9-a423-49b6-a4f8-17b5455df3d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 p**hC/] ]Ɋ& !XC/] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=614535f9-a423-49b6-a4f8-17b5455df3d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ch**`C/] ]Ɋ& !XC/] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=614535f9-a423-49b6-a4f8-17b5455df3d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3`**`C/] ]Ɋ& !XC/] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=614535f9-a423-49b6-a4f8-17b5455df3d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2`**hC/] ]Ɋ& !XC/] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=614535f9-a423-49b6-a4f8-17b5455df3d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stAph**C/] ]Ɋ&  !C/] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=614535f9-a423-49b6-a4f8-17b5455df3d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=16ed4e6b-0719-44ec-b0b1-325976f01717 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=viru**C/] ]Ɋ& !C/] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=614535f9-a423-49b6-a4f8-17b5455df3d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=16ed4e6b-0719-44ec-b0b1-325976f01717 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ti**8+0] ]Ɋ& !X+0] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=83076158-f3f1-440d-bbd5-29d8e230aa7e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bj8**P+0] ]Ɋ& !X+0] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=83076158-f3f1-440d-bbd5-29d8e230aa7e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erP**P+0] ]Ɋ& !X+0] F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=83076158-f3f1-440d-bbd5-29d8e230aa7e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tAppP**H+0] ]Ɋ& !X+0] F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=83076158-f3f1-440d-bbd5-29d8e230aa7e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0d5cH**H+0] ]Ɋ& !X+0] F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=83076158-f3f1-440d-bbd5-29d8e230aa7e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-9a9H**H+0] ]Ɋ& !X+0] F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=83076158-f3f1-440d-bbd5-29d8e230aa7e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4d-H**+0] ]Ɋ& !+0] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=83076158-f3f1-440d-bbd5-29d8e230aa7e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=02eb5da4-3e1f-45bc-972a-0a39a57cda03 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c6f**+0] ]Ɋ& !+0] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=83076158-f3f1-440d-bbd5-29d8e230aa7e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=02eb5da4-3e1f-45bc-972a-0a39a57cda03 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9**X+0] ]Ɋ& !X+0] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cd3d4441-ca96-4a4b-9be9-db5622dc591d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersiX**p+0] ]Ɋ& !X+0] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cd3d4441-ca96-4a4b-9be9-db5622dc591d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovip**h+0] ]Ɋ& !X+0] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cd3d4441-ca96-4a4b-9be9-db5622dc591d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`+0] ]Ɋ& !X+0] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cd3d4441-ca96-4a4b-9be9-db5622dc591d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id` PipelineId ]Ɋ&  CX+0] F&wid@ 65535 Eng ]Ɋ& ndXh F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X<-6 F&aceId=a4f56626-7c29-4cd9-8e51-d9b55452fa10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk@߼NMu=VysMc&&**h+0] ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!X+0] F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cd3d4441-ca96-4a4b-9be9-db5622dc591d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**`+0] ]Ɋ& !X+0] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cd3d4441-ca96-4a4b-9be9-db5622dc591d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**+0] ]Ɋ& !+0] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cd3d4441-ca96-4a4b-9be9-db5622dc591d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=72435bb3-f7d2-470e-833d-892c5de90e2d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**p0] ]Ɋ& !p0] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cd3d4441-ca96-4a4b-9be9-db5622dc591d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=72435bb3-f7d2-470e-833d-892c5de90e2d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(p0] ]Ɋ& !Xp0] F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6c4c97a3-e04e-43ca-8776-28ef914bd0db HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2(**@p0] ]Ɋ& !Xp0] F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6c4c97a3-e04e-43ca-8776-28ef914bd0db HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6@**@p0] ]Ɋ& !Xp0] F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6c4c97a3-e04e-43ca-8776-28ef914bd0db HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8p0] ]Ɋ& !Xp0] F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6c4c97a3-e04e-43ca-8776-28ef914bd0db HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**8p0] ]Ɋ& !Xp0] F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6c4c97a3-e04e-43ca-8776-28ef914bd0db HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8p0] ]Ɋ& !Xp0] F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6c4c97a3-e04e-43ca-8776-28ef914bd0db HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**p0] ]Ɋ& !p0] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6c4c97a3-e04e-43ca-8776-28ef914bd0db HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1404dca0-abbc-425e-9a98-ca5bf91f30a7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**]1] ]Ɋ& !]1] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6c4c97a3-e04e-43ca-8776-28ef914bd0db HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1404dca0-abbc-425e-9a98-ca5bf91f30a7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**X&3] ]Ɋ& !X&3] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8b225372-0212-4e3c-9ce1-470b4608399c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**p&3] ]Ɋ& !X&3] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8b225372-0212-4e3c-9ce1-470b4608399c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**p&3] ]Ɋ& !X&3] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8b225372-0212-4e3c-9ce1-470b4608399c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**h&3] ]Ɋ& !X&3] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8b225372-0212-4e3c-9ce1-470b4608399c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**h&3] ]Ɋ& !X&3] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8b225372-0212-4e3c-9ce1-470b4608399c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**h&3] ]Ɋ& !X&3] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8b225372-0212-4e3c-9ce1-470b4608399c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**&3] ]Ɋ&  !&3] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8b225372-0212-4e3c-9ce1-470b4608399c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=249535a8-39c8-4272-be63-d16994b5e9f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sb**a3] ]Ɋ& !a3] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8b225372-0212-4e3c-9ce1-470b4608399c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=249535a8-39c8-4272-be63-d16994b5e9f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ring**W4] ]Ɋ& '!XW4] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=101ebc7d-4763-4fdd-885e-82750715d99e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=O**W4] ]Ɋ& ?!XW4] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=101ebc7d-4763-4fdd-885e-82750715d99e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l**W4] ]Ɋ& ;!XW4] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=101ebc7d-4763-4fdd-885e-82750715d99e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**W4] ]Ɋ& 3!XW4] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=101ebc7d-4763-4fdd-885e-82750715d99e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==71**W4] ]Ɋ& 3!XW4] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=101ebc7d-4763-4fdd-885e-82750715d99e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**W4] ]Ɋ& 5!XW4] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=101ebc7d-4763-4fdd-885e-82750715d99e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8d**0W4] ]Ɋ& !W4] F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=101ebc7d-4763-4fdd-885e-82750715d99e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8f23b6aa-7dd0-485d-a3f2-d54f9a0d4a29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@$5] ]Ɋ& !$5] F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=101ebc7d-4763-4fdd-885e-82750715d99e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8f23b6aa-7dd0-485d-a3f2-d54f9a0d4a29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**U ]Ɋ& )!XU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=546b4ed6-6717-467b-afda-26ec2b36ec64 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**U ]Ɋ& A!XU F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=546b4ed6-6717-467b-afda-26ec2b36ec64 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **U ]Ɋ& =!XU F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=546b4ed6-6717-467b-afda-26ec2b36ec64 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**U ]Ɋ& 5!XU F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=546b4ed6-6717-467b-afda-26ec2b36ec64 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**U ]Ɋ& 5!XU F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=546b4ed6-6717-467b-afda-26ec2b36ec64 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **U ]Ɋ& 7!XU F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=546b4ed6-6717-467b-afda-26ec2b36ec64 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0U ]Ɋ& !U F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=546b4ed6-6717-467b-afda-26ec2b36ec64 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c83f5b0f-8e9a-46e9-b6ad-3dd408f92871 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@ ]Ɋ& ! F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=546b4ed6-6717-467b-afda-26ec2b36ec64 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c83f5b0f-8e9a-46e9-b6ad-3dd408f92871 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**X+ ]Ɋ& !X+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee2cfbb6-263d-4ee1-b0c0-d580d27783ed HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**p+ ]Ɋ& !X+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee2cfbb6-263d-4ee1-b0c0-d580d27783ed HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**h+ ]Ɋ& !X+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee2cfbb6-263d-4ee1-b0c0-d580d27783ed HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`+ ]Ɋ& !X+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee2cfbb6-263d-4ee1-b0c0-d580d27783ed HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`+ ]Ɋ& !X+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee2cfbb6-263d-4ee1-b0c0-d580d27783ed HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**h+ ]Ɋ& !X+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee2cfbb6-263d-4ee1-b0c0-d580d27783ed HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**+ ]Ɋ&  !+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee2cfbb6-263d-4ee1-b0c0-d580d27783ed HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1683ac3e-001c-4fb5-8101-1d4699252e03 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**+ ]Ɋ& !+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee2cfbb6-263d-4ee1-b0c0-d580d27783ed HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1683ac3e-001c-4fb5-8101-1d4699252e03 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8+ ]Ɋ& !X+ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5b05df26-5ddc-4f9d-afb0-a08558649373 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**P+ ]Ɋ& !X+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5b05df26-5ddc-4f9d-afb0-a08558649373 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**P+ ]Ɋ& !X+ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5b05df26-5ddc-4f9d-afb0-a08558649373 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**H+ ]Ɋ& !X+ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5b05df26-5ddc-4f9d-afb0-a08558649373 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**H+ ]Ɋ& !X+ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5b05df26-5ddc-4f9d-afb0-a08558649373 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=52faH PipelineI ]Ɋ&  X+ F&ElfChnkhbpxMu=VysMc&&**H+ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! +!X+ F&F%g>9{p(xlMD EventDatauoData !BinaryxVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5b05df26-5ddc-4f9d-afb0-a08558649373 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**+ ]Ɋ& !+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5b05df26-5ddc-4f9d-afb0-a08558649373 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31198a6b-8d32-4540-bfff-3608dab6865d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=+0**+ ]Ɋ& !+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5b05df26-5ddc-4f9d-afb0-a08558649373 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31198a6b-8d32-4540-bfff-3608dab6865d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=076ff72f-d3d9-4229-ade3-48ec66920943 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=076ff72f-d3d9-4229-ade3-48ec66920943 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=076ff72f-d3d9-4229-ade3-48ec66920943 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=076ff72f-d3d9-4229-ade3-48ec66920943 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=076ff72f-d3d9-4229-ade3-48ec66920943 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**` ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=076ff72f-d3d9-4229-ade3-48ec66920943 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=076ff72f-d3d9-4229-ade3-48ec66920943 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31c16eaf-9d3e-45f9-a65c-3c00378d808a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=076ff72f-d3d9-4229-ade3-48ec66920943 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31c16eaf-9d3e-45f9-a65c-3c00378d808a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ec15fc2c-1bed-499e-8e2b-20c36b5330c3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ec15fc2c-1bed-499e-8e2b-20c36b5330c3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ec15fc2c-1bed-499e-8e2b-20c36b5330c3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ec15fc2c-1bed-499e-8e2b-20c36b5330c3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ec15fc2c-1bed-499e-8e2b-20c36b5330c3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==8b8**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ec15fc2c-1bed-499e-8e2b-20c36b5330c3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ec15fc2c-1bed-499e-8e2b-20c36b5330c3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=fff8201e-e870-4620-9c7e-df5e9cff3aed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**X ]Ɋ& !X F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ec15fc2c-1bed-499e-8e2b-20c36b5330c3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=fff8201e-e870-4620-9c7e-df5e9cff3aed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cab761dc-0b15-4edc-9fe0-23dea9bdd9a0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cab761dc-0b15-4edc-9fe0-23dea9bdd9a0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cab761dc-0b15-4edc-9fe0-23dea9bdd9a0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cab761dc-0b15-4edc-9fe0-23dea9bdd9a0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cab761dc-0b15-4edc-9fe0-23dea9bdd9a0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cab761dc-0b15-4edc-9fe0-23dea9bdd9a0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cab761dc-0b15-4edc-9fe0-23dea9bdd9a0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37e3967b-77ed-4ea5-b5d2-11a417014b6e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cab761dc-0b15-4edc-9fe0-23dea9bdd9a0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37e3967b-77ed-4ea5-b5d2-11a417014b6e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost ** ]Ɋ& '!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e94cfabc-69b2-4c0c-837d-1fa5e24e1e00 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n** ]Ɋ& ?!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e94cfabc-69b2-4c0c-837d-1fa5e24e1e00 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a** ]Ɋ& ;!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e94cfabc-69b2-4c0c-837d-1fa5e24e1e00 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e94cfabc-69b2-4c0c-837d-1fa5e24e1e00 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e94cfabc-69b2-4c0c-837d-1fa5e24e1e00 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e94cfabc-69b2-4c0c-837d-1fa5e24e1e00 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e94cfabc-69b2-4c0c-837d-1fa5e24e1e00 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=276ccf76-3985-411d-a57c-8abbe4df3e71 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e94cfabc-69b2-4c0c-837d-1fa5e24e1e00 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=276ccf76-3985-411d-a57c-8abbe4df3e71 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 @**eR  ]Ɋ& )!XeR  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=07eb9552-526a-4dea-89b4-192fd9262d6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uctS**eR  ]Ɋ& A!XeR  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=07eb9552-526a-4dea-89b4-192fd9262d6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=curi**eR  ]Ɋ& =!XeR  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=07eb9552-526a-4dea-89b4-192fd9262d6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **eR  ]Ɋ& 5!XeR  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=07eb9552-526a-4dea-89b4-192fd9262d6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **eR  ]Ɋ& 5!XeR  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=07eb9552-526a-4dea-89b4-192fd9262d6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi**eR  ]Ɋ& 7!XeR  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07eb9552-526a-4dea-89b4-192fd9262d6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0eR  ]Ɋ& !eR  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=07eb9552-526a-4dea-89b4-192fd9262d6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2231e1d1-c83b-44da-9744-be5556ee8a85 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@8R  ]Ɋ& !8R  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=07eb9552-526a-4dea-89b4-192fd9262d6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2231e1d1-c83b-44da-9744-be5556ee8a85 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XϖS  ]Ɋ& !XϖS  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=70900fb8-f014-42f0-8c65-948be8136526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**pϖS  ]Ɋ& !XϖS  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=70900fb8-f014-42f0-8c65-948be8136526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**hϖS  ]Ɋ& !XϖS  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=70900fb8-f014-42f0-8c65-948be8136526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`ϖS  ]Ɋ& !XϖS  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=70900fb8-f014-42f0-8c65-948be8136526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`ϖS  ]Ɋ& !XϖS  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=70900fb8-f014-42f0-8c65-948be8136526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hϖS  ]Ɋ& !XϖS  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=70900fb8-f014-42f0-8c65-948be8136526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h ]Ɋ& X+ϖS ElfChnk++3%u` Mu=VysMc&&**ϖS  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !ϖS  F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=70900fb8-f014-42f0-8c65-948be8136526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ec4e06fd-0394-4733-b827-f2453326063f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ϖS  ]Ɋ& !ϖS  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=70900fb8-f014-42f0-8c65-948be8136526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ec4e06fd-0394-4733-b827-f2453326063f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8ϖS  ]Ɋ& !XϖS  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=433d80fa-44b0-41a0-8a17-b7d3c2074db3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PϖS  ]Ɋ& !XϖS  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=433d80fa-44b0-41a0-8a17-b7d3c2074db3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**PϖS  ]Ɋ& !XϖS  F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=433d80fa-44b0-41a0-8a17-b7d3c2074db3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**P**HϖS  ]Ɋ& !XϖS  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=433d80fa-44b0-41a0-8a17-b7d3c2074db3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**HϖS  ]Ɋ& !XϖS  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=433d80fa-44b0-41a0-8a17-b7d3c2074db3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**HϖS  ]Ɋ& !XϖS  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=433d80fa-44b0-41a0-8a17-b7d3c2074db3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**ϖS  ]Ɋ& !ϖS  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=433d80fa-44b0-41a0-8a17-b7d3c2074db3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=46b7ed2e-8ea5-4992-85ff-1665219836d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLi**ϖS  ]Ɋ& !ϖS  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=433d80fa-44b0-41a0-8a17-b7d3c2074db3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=46b7ed2e-8ea5-4992-85ff-1665219836d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**Xe/T  ]Ɋ& !Xe/T  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=52004dbf-4ee6-4820-b8d8-6eeaa6a23889 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNamX**pe/T  ]Ɋ& !Xe/T  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=52004dbf-4ee6-4820-b8d8-6eeaa6a23889 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**he/T  ]Ɋ& !Xe/T  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=52004dbf-4ee6-4820-b8d8-6eeaa6a23889 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**`e/T  ]Ɋ& !Xe/T  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=52004dbf-4ee6-4820-b8d8-6eeaa6a23889 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca`**` e/T  ]Ɋ& !Xe/T   F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=52004dbf-4ee6-4820-b8d8-6eeaa6a23889 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**` e/T  ]Ɋ& !Xe/T   F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=52004dbf-4ee6-4820-b8d8-6eeaa6a23889 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`** e/T  ]Ɋ& !e/T   F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=52004dbf-4ee6-4820-b8d8-6eeaa6a23889 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=10745269-21f9-43e0-b8d4-a2f8dbbada67 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** e/T  ]Ɋ& !e/T   F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=52004dbf-4ee6-4820-b8d8-6eeaa6a23889 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=10745269-21f9-43e0-b8d4-a2f8dbbada67 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**( e/T  ]Ɋ& !Xe/T   F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4dd078c7-3382-4f29-8984-9310ecf299d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f(**@e/T  ]Ɋ& !Xe/T  F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4dd078c7-3382-4f29-8984-9310ecf299d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@e/T  ]Ɋ& !Xe/T  F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4dd078c7-3382-4f29-8984-9310ecf299d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da@**8e/T  ]Ɋ& !Xe/T  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4dd078c7-3382-4f29-8984-9310ecf299d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on\8**8e/T  ]Ɋ& !Xe/T  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4dd078c7-3382-4f29-8984-9310ecf299d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver8**8e/T  ]Ɋ& !Xe/T  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4dd078c7-3382-4f29-8984-9310ecf299d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**e/T  ]Ɋ& !e/T  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4dd078c7-3382-4f29-8984-9310ecf299d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=dcef2e74-a9ff-46ac-8215-c8fd9b201cca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri**T  ]Ɋ& !T  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4dd078c7-3382-4f29-8984-9310ecf299d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=dcef2e74-a9ff-46ac-8215-c8fd9b201cca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | O**X)U  ]Ɋ& !X)U  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9976a664-525b-4958-b721-fb4777efe125 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p)U  ]Ɋ& !X)U  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9976a664-525b-4958-b721-fb4777efe125 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**p)U  ]Ɋ& !X)U  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9976a664-525b-4958-b721-fb4777efe125 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fo]p**h)U  ]Ɋ& !X)U  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9976a664-525b-4958-b721-fb4777efe125 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**h)U  ]Ɋ& !X)U  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9976a664-525b-4958-b721-fb4777efe125 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**h)U  ]Ɋ& !X)U  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9976a664-525b-4958-b721-fb4777efe125 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Coh**)U  ]Ɋ&  !)U  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9976a664-525b-4958-b721-fb4777efe125 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=12f43d48-fcb6-4074-9715-1bf9159f1a32 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**V  ]Ɋ& !V  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9976a664-525b-4958-b721-fb4777efe125 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=12f43d48-fcb6-4074-9715-1bf9159f1a32 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**V  ]Ɋ& '!XV  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b319fbd1-0678-4724-b6c6-939361c31655 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**V  ]Ɋ& ?!XV  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b319fbd1-0678-4724-b6c6-939361c31655 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**V  ]Ɋ& ;!XV  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b319fbd1-0678-4724-b6c6-939361c31655 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as** V  ]Ɋ& 3!XV   F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b319fbd1-0678-4724-b6c6-939361c31655 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ing**!V  ]Ɋ& 3!XV ! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b319fbd1-0678-4724-b6c6-939361c31655 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art**"V  ]Ɋ& 5!XV " F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b319fbd1-0678-4724-b6c6-939361c31655 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=65**0#V  ]Ɋ& !V # F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b319fbd1-0678-4724-b6c6-939361c31655 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=32b6ad06-94c2-4c94-bda5-a27dfd29173a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@$V*W  ]Ɋ& !V*W $ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b319fbd1-0678-4724-b6c6-939361c31655 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=32b6ad06-94c2-4c94-bda5-a27dfd29173a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4da-@**%\Ϲo ]Ɋ& )!X\Ϲo% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bddd9c0e-da04-4d0d-acd0-2e13c8adddaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**&\Ϲo ]Ɋ& A!X\Ϲo& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bddd9c0e-da04-4d0d-acd0-2e13c8adddaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**'\Ϲo ]Ɋ& =!X\Ϲo' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bddd9c0e-da04-4d0d-acd0-2e13c8adddaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f0**(\Ϲo ]Ɋ& 5!X\Ϲo( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bddd9c0e-da04-4d0d-acd0-2e13c8adddaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**)\Ϲo ]Ɋ& 5!X\Ϲo) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bddd9c0e-da04-4d0d-acd0-2e13c8adddaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me***\Ϲo ]Ɋ& 7!X\Ϲo* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bddd9c0e-da04-4d0d-acd0-2e13c8adddaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0+\Ϲo ]Ɋ& !\Ϲo+ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bddd9c0e-da04-4d0d-acd0-2e13c8adddaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7f8ac239-6734-486a-a584-41e6ca6c007e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X+ϖS ElfChnk,[,[X{L\UMu=VysMc&&**@,o ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!o, F&F%g>9{p(xlMD EventDatauoData !BinarypStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bddd9c0e-da04-4d0d-acd0-2e13c8adddaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7f8ac239-6734-486a-a584-41e6ca6c007e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X-o ]Ɋ& !Xo- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ad524f42-5382-4ecc-b0cb-83a940b1d163 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=733X**p.o ]Ɋ& !Xo. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ad524f42-5382-4ecc-b0cb-83a940b1d163 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linp**h/o ]Ɋ& !Xo/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ad524f42-5382-4ecc-b0cb-83a940b1d163 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`0o ]Ɋ& !Xo0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ad524f42-5382-4ecc-b0cb-83a940b1d163 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`1o ]Ɋ& !Xo1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ad524f42-5382-4ecc-b0cb-83a940b1d163 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**h2o ]Ɋ& !Xo2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ad524f42-5382-4ecc-b0cb-83a940b1d163 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**3o ]Ɋ&  !o3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ad524f42-5382-4ecc-b0cb-83a940b1d163 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=76ef2d6d-cc76-4d3b-961c-afde4b48beb6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**4o ]Ɋ& !o4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ad524f42-5382-4ecc-b0cb-83a940b1d163 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=76ef2d6d-cc76-4d3b-961c-afde4b48beb6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**85o ]Ɋ& !Xo5 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a37c6894-8c79-453d-b5e4-56d9aa088d9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma8**P6o ]Ɋ& !Xo6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a37c6894-8c79-453d-b5e4-56d9aa088d9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**P7o ]Ɋ& !Xo7 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a37c6894-8c79-453d-b5e4-56d9aa088d9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComP**H8o ]Ɋ& !Xo8 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a37c6894-8c79-453d-b5e4-56d9aa088d9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= H**H9o ]Ɋ& !Xo9 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a37c6894-8c79-453d-b5e4-56d9aa088d9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**H:o ]Ɋ& !Xo: F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a37c6894-8c79-453d-b5e4-56d9aa088d9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**;o ]Ɋ& !o; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a37c6894-8c79-453d-b5e4-56d9aa088d9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=659ee1f9-1cfa-45bf-815e-0ba13860d322 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sc**<o ]Ɋ& !o< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a37c6894-8c79-453d-b5e4-56d9aa088d9a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=659ee1f9-1cfa-45bf-815e-0ba13860d322 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=y**X=o ]Ɋ& !Xo= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=146d0e3c-95d4-44d1-aa12-24fbafadb562 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-a2fX**p>o ]Ɋ& !Xo> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=146d0e3c-95d4-44d1-aa12-24fbafadb562 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**h?o ]Ɋ& !Xo? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=146d0e3c-95d4-44d1-aa12-24fbafadb562 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;eh**`@o ]Ɋ& !Xo@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=146d0e3c-95d4-44d1-aa12-24fbafadb562 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2-`**`Ao ]Ɋ& !XoA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=146d0e3c-95d4-44d1-aa12-24fbafadb562 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP`**`Bo ]Ɋ& !XoB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=146d0e3c-95d4-44d1-aa12-24fbafadb562 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**Co ]Ɋ& !oC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=146d0e3c-95d4-44d1-aa12-24fbafadb562 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c27ec16e-570c-46ba-b50a-6c66bad7f76e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**Do ]Ɋ& !oD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=146d0e3c-95d4-44d1-aa12-24fbafadb562 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c27ec16e-570c-46ba-b50a-6c66bad7f76e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(E1o ]Ɋ& !X1oE F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7e7f061c-42a0-4f24-9a5c-e27dc4db302d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R(**@F1o ]Ɋ& !X1oF F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7e7f061c-42a0-4f24-9a5c-e27dc4db302d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e@**@G1o ]Ɋ& !X1oG F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7e7f061c-42a0-4f24-9a5c-e27dc4db302d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8H1o ]Ɋ& !X1oH F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7e7f061c-42a0-4f24-9a5c-e27dc4db302d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TWA8**8I1o ]Ɋ& !X1oI F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7e7f061c-42a0-4f24-9a5c-e27dc4db302d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=8**8J1o ]Ɋ& !X1oJ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7e7f061c-42a0-4f24-9a5c-e27dc4db302d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**K1o ]Ɋ& !1oK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7e7f061c-42a0-4f24-9a5c-e27dc4db302d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=37662ab4-d646-4300-bb42-7aa2a83dcc80 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **LLʼo ]Ɋ& !LʼoL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7e7f061c-42a0-4f24-9a5c-e27dc4db302d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=37662ab4-d646-4300-bb42-7aa2a83dcc80 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ture**XMbo ]Ɋ& !XboM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4f48b29c-4791-4226-879d-20c3f416d8be HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**pNbo ]Ɋ& !XboN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4f48b29c-4791-4226-879d-20c3f416d8be HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pObo ]Ɋ& !XboO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4f48b29c-4791-4226-879d-20c3f416d8be HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, p**hPbo ]Ɋ& !XboP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4f48b29c-4791-4226-879d-20c3f416d8be HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en-h**hQbo ]Ɋ& !XboQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4f48b29c-4791-4226-879d-20c3f416d8be HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Deh**hRbo ]Ɋ& !XboR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4f48b29c-4791-4226-879d-20c3f416d8be HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amh**Sbo ]Ɋ&  !boS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4f48b29c-4791-4226-879d-20c3f416d8be HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a47f9d06-3bce-4609-8a8e-96c7cb70e46a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Tyo ]Ɋ& !yoT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4f48b29c-4791-4226-879d-20c3f416d8be HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a47f9d06-3bce-4609-8a8e-96c7cb70e46a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**Uyo ]Ɋ& '!XyoU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1da34e5c-b2b6-4292-9edd-499132f4033b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**Vyo ]Ɋ& ?!XyoV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1da34e5c-b2b6-4292-9edd-499132f4033b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**Wyo ]Ɋ& ;!XyoW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1da34e5c-b2b6-4292-9edd-499132f4033b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xyo ]Ɋ& 3!XyoX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1da34e5c-b2b6-4292-9edd-499132f4033b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pro**Yyo ]Ɋ& 3!XyoY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1da34e5c-b2b6-4292-9edd-499132f4033b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Zyo ]Ɋ& 5!XyoZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1da34e5c-b2b6-4292-9edd-499132f4033b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0[o ]Ɋ& !o[ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1da34e5c-b2b6-4292-9edd-499132f4033b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7f390dfc-8c5a-4aaf-8d5c-214dd579f549 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os,o\ F&on=4.0 HostId=bddd9c0e-da04-4d0d-acd0-2e13c8adddaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7f8ac239-6734-486a-a584-41e6ca6c007e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X+ϖS ElfChnk\\/mS Mu=VysMc&&**@ \,o ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !!,o\ F&F%g>9{p(xlMD EventDatauoData !BinarynStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1da34e5c-b2b6-4292-9edd-499132f4033b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7f390dfc-8c5a-4aaf-8d5c-214dd579f549 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@ **]˝ ]Ɋ& )!X˝] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=25fd565c-c2eb-4e9d-b455-0af98d079dfb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=3 **^˝ ]Ɋ& A!X˝^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=25fd565c-c2eb-4e9d-b455-0af98d079dfb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNa**_˝ ]Ɋ& =!X˝_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=25fd565c-c2eb-4e9d-b455-0af98d079dfb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**`˝ ]Ɋ& 5!X˝` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=25fd565c-c2eb-4e9d-b455-0af98d079dfb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **a˝ ]Ɋ& 5!X˝a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=25fd565c-c2eb-4e9d-b455-0af98d079dfb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**b˝ ]Ɋ& 7!X˝b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=25fd565c-c2eb-4e9d-b455-0af98d079dfb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0c˝ ]Ɋ& !˝c F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=25fd565c-c2eb-4e9d-b455-0af98d079dfb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8ca834e3-ee64-4757-820f-d7301610837d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@d! ]Ɋ& !!d F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=25fd565c-c2eb-4e9d-b455-0af98d079dfb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8ca834e3-ee64-4757-820f-d7301610837d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**Xe! ]Ɋ& !X!e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d9fd069a-10d4-4564-97c3-625393f474b3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**pf! ]Ɋ& !X!f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d9fd069a-10d4-4564-97c3-625393f474b3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**hg! ]Ɋ& !X!g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d9fd069a-10d4-4564-97c3-625393f474b3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`h! ]Ɋ& !X!h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d9fd069a-10d4-4564-97c3-625393f474b3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`i! ]Ɋ& !X!i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d9fd069a-10d4-4564-97c3-625393f474b3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**hj! ]Ɋ& !X!j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d9fd069a-10d4-4564-97c3-625393f474b3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**k! ]Ɋ&  !!k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d9fd069a-10d4-4564-97c3-625393f474b3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c2a09b24-1900-4081-92f2-1a92e7457d61 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **l! ]Ɋ& !!l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d9fd069a-10d4-4564-97c3-625393f474b3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c2a09b24-1900-4081-92f2-1a92e7457d61 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8m! ]Ɋ& !X!m F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=90959c05-fc9f-442c-a763-077650211eb0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**Pn! ]Ɋ& !X!n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=90959c05-fc9f-442c-a763-077650211eb0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**Po! ]Ɋ& !X!o F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=90959c05-fc9f-442c-a763-077650211eb0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**Hp! ]Ɋ& !X!p F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=90959c05-fc9f-442c-a763-077650211eb0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**Hq! ]Ɋ& !X!q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=90959c05-fc9f-442c-a763-077650211eb0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**Hr! ]Ɋ& !X!r F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=90959c05-fc9f-442c-a763-077650211eb0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**s! ]Ɋ& !!s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=90959c05-fc9f-442c-a763-077650211eb0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8211022a-4993-43c9-8df1-7b6a18708d64 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**t ]Ɋ& !t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=90959c05-fc9f-442c-a763-077650211eb0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8211022a-4993-43c9-8df1-7b6a18708d64 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**Xu ]Ɋ& !Xu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e862c147-f087-4ed5-8179-ce16a0ec0d38 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**pv ]Ɋ& !Xv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e862c147-f087-4ed5-8179-ce16a0ec0d38 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**hw ]Ɋ& !Xw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e862c147-f087-4ed5-8179-ce16a0ec0d38 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`x ]Ɋ& !Xx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e862c147-f087-4ed5-8179-ce16a0ec0d38 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`y ]Ɋ& !Xy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e862c147-f087-4ed5-8179-ce16a0ec0d38 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`z ]Ɋ& !Xz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e862c147-f087-4ed5-8179-ce16a0ec0d38 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**{ ]Ɋ& !{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e862c147-f087-4ed5-8179-ce16a0ec0d38 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=36f579f3-bbc3-4e58-982f-b50c0f1e8525 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**| ]Ɋ& !| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e862c147-f087-4ed5-8179-ce16a0ec0d38 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=36f579f3-bbc3-4e58-982f-b50c0f1e8525 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(} ]Ɋ& !X} F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c57ac584-715a-42f8-b4b3-b331d9fe091d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4(**@~ ]Ɋ& !X~ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c57ac584-715a-42f8-b4b3-b331d9fe091d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c57ac584-715a-42f8-b4b3-b331d9fe091d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N@**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c57ac584-715a-42f8-b4b3-b331d9fe091d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c57ac584-715a-42f8-b4b3-b331d9fe091d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c57ac584-715a-42f8-b4b3-b331d9fe091d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c57ac584-715a-42f8-b4b3-b331d9fe091d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4f2a6f78-8106-4d07-abcb-ca2d08a67302 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**N. ]Ɋ& !N. F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c57ac584-715a-42f8-b4b3-b331d9fe091d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4f2a6f78-8106-4d07-abcb-ca2d08a67302 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**X{_ ]Ɋ& !X{_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e770a51f-e015-425f-a5f2-15c76f8a8057 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p{_ ]Ɋ& !X{_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e770a51f-e015-425f-a5f2-15c76f8a8057 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p{_ ]Ɋ& !X{_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e770a51f-e015-425f-a5f2-15c76f8a8057 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**h{_ ]Ɋ& !X{_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e770a51f-e015-425f-a5f2-15c76f8a8057 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**h{_ ]Ɋ& !X{_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e770a51f-e015-425f-a5f2-15c76f8a8057 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=132h**h{_ ]Ɋ& !X{_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e770a51f-e015-425f-a5f2-15c76f8a8057 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**{_ ]Ɋ&  !{_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e770a51f-e015-425f-a5f2-15c76f8a8057 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=875b59a6-7dc7-433d-a1a8-8b614ef334e3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e770a51f-e015-425f-a5f2-15c76f8a8057 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=875b59a6-7dc7-433d-a1a8-8b614ef334e3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))** ]Ɋ& '!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6b491f61-6e95-44d7-99a7-8bce9f76ebf3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(n-US')))}} | ]Ɋ& dOX F&=4.0 RunspaceId=7f390dfc-8c5a-4aaf-8d5c-214dd579f549 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os,o\ F&on=4.0 HostId=bddd9c0e-da04-4d0d-acd0-2e13c8adddaf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7f8ac239-6734-486a-a584-41e6ca6c007e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X+ϖS ElfChnk0i]EMu=VysMc&&**  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6b491f61-6e95-44d7-99a7-8bce9f76ebf3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt ** ]Ɋ& ;!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6b491f61-6e95-44d7-99a7-8bce9f76ebf3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6b491f61-6e95-44d7-99a7-8bce9f76ebf3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6b491f61-6e95-44d7-99a7-8bce9f76ebf3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6b491f61-6e95-44d7-99a7-8bce9f76ebf3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6b491f61-6e95-44d7-99a7-8bce9f76ebf3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d07c7585-39d3-400a-9f8d-8d370e028b3c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI0**@?) ]Ɋ& !?) F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6b491f61-6e95-44d7-99a7-8bce9f76ebf3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d07c7585-39d3-400a-9f8d-8d370e028b3c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@** ]Ɋ& )!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3ccca57a-ca7a-4e6c-bc84-b9ab15857657 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth** ]Ɋ& A!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3ccca57a-ca7a-4e6c-bc84-b9ab15857657 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ntiv** ]Ɋ& =!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3ccca57a-ca7a-4e6c-bc84-b9ab15857657 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-** ]Ɋ& 5!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3ccca57a-ca7a-4e6c-bc84-b9ab15857657 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=06** ]Ɋ& 5!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3ccca57a-ca7a-4e6c-bc84-b9ab15857657 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um** ]Ɋ& 7!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3ccca57a-ca7a-4e6c-bc84-b9ab15857657 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0 ]Ɋ& ! F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3ccca57a-ca7a-4e6c-bc84-b9ab15857657 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1ca521f5-5494-4e1b-aa92-e6b78a42d8c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@ ]Ɋ& ! F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3ccca57a-ca7a-4e6c-bc84-b9ab15857657 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1ca521f5-5494-4e1b-aa92-e6b78a42d8c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= @**X"+ ]Ɋ& !X"+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d564c0e8-0355-4d5b-a07c-13612a731993 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==X**p"+ ]Ɋ& !X"+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d564c0e8-0355-4d5b-a07c-13612a731993 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!p**h"+ ]Ɋ& !X"+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d564c0e8-0355-4d5b-a07c-13612a731993 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`"+ ]Ɋ& !X"+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d564c0e8-0355-4d5b-a07c-13612a731993 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`"+ ]Ɋ& !X"+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d564c0e8-0355-4d5b-a07c-13612a731993 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h"+ ]Ɋ& !X"+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d564c0e8-0355-4d5b-a07c-13612a731993 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**"+ ]Ɋ&  !"+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d564c0e8-0355-4d5b-a07c-13612a731993 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=acb8deec-7746-4f15-931f-c917f93a0f47 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**"+ ]Ɋ& !"+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d564c0e8-0355-4d5b-a07c-13612a731993 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=acb8deec-7746-4f15-931f-c917f93a0f47 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8"+ ]Ɋ& !X"+ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e3e96aec-8126-4615-a752-e4e581ed1a23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v8**P"+ ]Ɋ& !X"+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e3e96aec-8126-4615-a752-e4e581ed1a23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P"+ ]Ɋ& !X"+ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e3e96aec-8126-4615-a752-e4e581ed1a23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H"+ ]Ɋ& !X"+ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e3e96aec-8126-4615-a752-e4e581ed1a23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H"+ ]Ɋ& !X"+ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e3e96aec-8126-4615-a752-e4e581ed1a23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H"+ ]Ɋ& !X"+ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e3e96aec-8126-4615-a752-e4e581ed1a23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**"+ ]Ɋ& !"+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e3e96aec-8126-4615-a752-e4e581ed1a23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ec7a8780-bb0b-42b7-83b8-b886cc9eaa51 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****"+ ]Ɋ& !"+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e3e96aec-8126-4615-a752-e4e581ed1a23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ec7a8780-bb0b-42b7-83b8-b886cc9eaa51 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ed4e8895-8441-4120-b8cb-5a4c99fdc1b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ed4e8895-8441-4120-b8cb-5a4c99fdc1b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ed4e8895-8441-4120-b8cb-5a4c99fdc1b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leh**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ed4e8895-8441-4120-b8cb-5a4c99fdc1b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ed4e8895-8441-4120-b8cb-5a4c99fdc1b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**` ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ed4e8895-8441-4120-b8cb-5a4c99fdc1b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ed4e8895-8441-4120-b8cb-5a4c99fdc1b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5285aa00-2128-4644-8b66-652e33899d8c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ed4e8895-8441-4120-b8cb-5a4c99fdc1b8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5285aa00-2128-4644-8b66-652e33899d8c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cf887f76-b045-4bb6-88eb-2447a6b2a6f7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cf887f76-b045-4bb6-88eb-2447a6b2a6f7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cf887f76-b045-4bb6-88eb-2447a6b2a6f7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= en@**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cf887f76-b045-4bb6-88eb-2447a6b2a6f7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cf887f76-b045-4bb6-88eb-2447a6b2a6f7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine={_8**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cf887f76-b045-4bb6-88eb-2447a6b2a6f7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cf887f76-b045-4bb6-88eb-2447a6b2a6f7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f834e9ef-b961-4ab2-bd5a-3880417a1c29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='i**O\ ]Ɋ& !O\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cf887f76-b045-4bb6-88eb-2447a6b2a6f7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f834e9ef-b961-4ab2-bd5a-3880417a1c29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | f**X| ]Ɋ& !X| F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2de06fa8-3400-428e-84a1-4675db798ed6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p| ]Ɋ& !X| F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2de06fa8-3400-428e-84a1-4675db798ed6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=op**p| ]Ɋ& !X| F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2de06fa8-3400-428e-84a1-4675db798ed6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,Dp**h| ]Ɋ& !X| F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2de06fa8-3400-428e-84a1-4675db798ed6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nabhd | Out-Stri ]Ɋ& d=X| F&a6c007e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X+ϖS ElfChnk$5'"Mu=VysMc&&**h | ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!X| F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2de06fa8-3400-428e-84a1-4675db798ed6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **h| ]Ɋ& !X| F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2de06fa8-3400-428e-84a1-4675db798ed6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**| ]Ɋ&  !| F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2de06fa8-3400-428e-84a1-4675db798ed6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=01d556fd-74a6-4f1d-9d50-5a4476667ab3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**& ]Ɋ& !& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2de06fa8-3400-428e-84a1-4675db798ed6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=01d556fd-74a6-4f1d-9d50-5a4476667ab3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**& ]Ɋ& '!X& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=58c9db2e-eeb1-4934-95b6-890ddf0fe1c0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**& ]Ɋ& ?!X& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=58c9db2e-eeb1-4934-95b6-890ddf0fe1c0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**& ]Ɋ& ;!X& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=58c9db2e-eeb1-4934-95b6-890ddf0fe1c0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9ab**& ]Ɋ& 3!X& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=58c9db2e-eeb1-4934-95b6-890ddf0fe1c0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**& ]Ɋ& 3!X& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=58c9db2e-eeb1-4934-95b6-890ddf0fe1c0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b15**& ]Ɋ& 5!X& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=58c9db2e-eeb1-4934-95b6-890ddf0fe1c0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0& ]Ɋ& !& F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=58c9db2e-eeb1-4934-95b6-890ddf0fe1c0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fb9ca1fa-4399-47cf-9224-931ac1ed1ce4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=58c9db2e-eeb1-4934-95b6-890ddf0fe1c0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fb9ca1fa-4399-47cf-9224-931ac1ed1ce4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**+4 ]Ɋ& )!X+4 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ecd6c387-755f-4c2c-86af-b756c969eab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **+4 ]Ɋ& A!X+4 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ecd6c387-755f-4c2c-86af-b756c969eab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**+4 ]Ɋ& =!X+4 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ecd6c387-755f-4c2c-86af-b756c969eab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**+4 ]Ɋ& 5!X+4 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ecd6c387-755f-4c2c-86af-b756c969eab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**+4 ]Ɋ& 5!X+4 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ecd6c387-755f-4c2c-86af-b756c969eab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**+4 ]Ɋ& 7!X+4 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ecd6c387-755f-4c2c-86af-b756c969eab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0+4 ]Ɋ& !+4 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ecd6c387-755f-4c2c-86af-b756c969eab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=85b484c8-9a83-4830-8850-7788d95e8118 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@$5 ]Ɋ& !$5 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ecd6c387-755f-4c2c-86af-b756c969eab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=85b484c8-9a83-4830-8850-7788d95e8118 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**X$5 ]Ɋ& !X$5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dc4283f1-2e32-42d3-b8eb-0f0b69dd10d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p$5 ]Ɋ& !X$5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dc4283f1-2e32-42d3-b8eb-0f0b69dd10d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**h$5 ]Ɋ& !X$5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dc4283f1-2e32-42d3-b8eb-0f0b69dd10d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`$5 ]Ɋ& !X$5 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dc4283f1-2e32-42d3-b8eb-0f0b69dd10d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`$5 ]Ɋ& !X$5 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dc4283f1-2e32-42d3-b8eb-0f0b69dd10d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**h$5 ]Ɋ& !X$5 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dc4283f1-2e32-42d3-b8eb-0f0b69dd10d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**X5 ]Ɋ&  !X5 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dc4283f1-2e32-42d3-b8eb-0f0b69dd10d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=289e5fde-b0ac-44b9-b05a-7fe890b8a365 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**X5 ]Ɋ& !X5 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dc4283f1-2e32-42d3-b8eb-0f0b69dd10d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=289e5fde-b0ac-44b9-b05a-7fe890b8a365 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8X5 ]Ɋ& !XX5 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=77b47b98-5be7-474c-971c-7a1533eafd99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**PX5 ]Ɋ& !XX5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=77b47b98-5be7-474c-971c-7a1533eafd99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**PX5 ]Ɋ& !XX5 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=77b47b98-5be7-474c-971c-7a1533eafd99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**HX5 ]Ɋ& !XX5 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=77b47b98-5be7-474c-971c-7a1533eafd99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**HX5 ]Ɋ& !XX5 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=77b47b98-5be7-474c-971c-7a1533eafd99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**HX5 ]Ɋ& !XX5 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=77b47b98-5be7-474c-971c-7a1533eafd99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**X5 ]Ɋ& !X5 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=77b47b98-5be7-474c-971c-7a1533eafd99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=827bd198-4fce-46f9-8917-016154d16a80 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**X5 ]Ɋ& !X5 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=77b47b98-5be7-474c-971c-7a1533eafd99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=827bd198-4fce-46f9-8917-016154d16a80 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XU6 ]Ɋ& !XU6 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f7106857-7b6b-4299-8889-cf33e5653060 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**pU6 ]Ɋ& !XU6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f7106857-7b6b-4299-8889-cf33e5653060 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**hU6 ]Ɋ& !XU6 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f7106857-7b6b-4299-8889-cf33e5653060 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`U6 ]Ɋ& !XU6 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f7106857-7b6b-4299-8889-cf33e5653060 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`U6 ]Ɋ& !XU6 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f7106857-7b6b-4299-8889-cf33e5653060 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`U6 ]Ɋ& !XU6 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f7106857-7b6b-4299-8889-cf33e5653060 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**U6 ]Ɋ& !U6 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f7106857-7b6b-4299-8889-cf33e5653060 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=58869793-0fea-4e9f-937b-8f198730f237 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**U6 ]Ɋ& !U6 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f7106857-7b6b-4299-8889-cf33e5653060 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=58869793-0fea-4e9f-937b-8f198730f237 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(6 ]Ɋ& !X6 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=60176c5d-ad99-4b7f-9010-8e25e343fbfd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@6 ]Ɋ& !X6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=60176c5d-ad99-4b7f-9010-8e25e343fbfd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@6 ]Ɋ& !X6 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=60176c5d-ad99-4b7f-9010-8e25e343fbfd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@**86 ]Ɋ& !X6 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=60176c5d-ad99-4b7f-9010-8e25e343fbfd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da8**86 ]Ɋ& !X6 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=60176c5d-ad99-4b7f-9010-8e25e343fbfd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\Un8**86 ]Ɋ& !X6 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=60176c5d-ad99-4b7f-9010-8e25e343fbfd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on8**6 ]Ɋ& !6 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=60176c5d-ad99-4b7f-9010-8e25e343fbfd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=834cee7d-463b-4f05-82ac-08e993fb87cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id CommandNam ]Ɋ&  7 F&+ϖS ElfChnk%%pFeVڢMu=VysMc&&** 7 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! y!7 F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=60176c5d-ad99-4b7f-9010-8e25e343fbfd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=834cee7d-463b-4f05-82ac-08e993fb87cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Xv9 ]Ɋ& !Xv9 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c1894a0d-5270-4fde-8d47-cfa8ad0a6948 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sX**pv9 ]Ɋ& !Xv9 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c1894a0d-5270-4fde-8d47-cfa8ad0a6948 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**pv9 ]Ɋ& !Xv9 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c1894a0d-5270-4fde-8d47-cfa8ad0a6948 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izep**hv9 ]Ɋ& !Xv9 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c1894a0d-5270-4fde-8d47-cfa8ad0a6948 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**hv9 ]Ɋ& !Xv9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c1894a0d-5270-4fde-8d47-cfa8ad0a6948 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**hv9 ]Ɋ& !Xv9 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c1894a0d-5270-4fde-8d47-cfa8ad0a6948 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&h**v9 ]Ɋ&  !v9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c1894a0d-5270-4fde-8d47-cfa8ad0a6948 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f1e1208-f8be-44cd-8bf0-850fe3c30848 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov** : ]Ɋ& ! : F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c1894a0d-5270-4fde-8d47-cfa8ad0a6948 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f1e1208-f8be-44cd-8bf0-850fe3c30848 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host** : ]Ɋ& '!X : F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2319a031-1f7e-4ee7-8268-ae557912fc39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4** : ]Ɋ& ?!X : F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2319a031-1f7e-4ee7-8268-ae557912fc39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1** : ]Ɋ& ;!X : F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2319a031-1f7e-4ee7-8268-ae557912fc39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta** : ]Ɋ& 3!X : F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2319a031-1f7e-4ee7-8268-ae557912fc39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=** : ]Ɋ& 3!X : F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2319a031-1f7e-4ee7-8268-ae557912fc39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ate** : ]Ɋ& 5!X : F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2319a031-1f7e-4ee7-8268-ae557912fc39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**0 : ]Ɋ& ! : F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2319a031-1f7e-4ee7-8268-ae557912fc39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=dba7359e-0b82-437f-b7dd-d08d35c2a3c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st0**@; ]Ɋ& !; F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2319a031-1f7e-4ee7-8268-ae557912fc39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=dba7359e-0b82-437f-b7dd-d08d35c2a3c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam@**0 ]Ɋ& )!X0 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7f47803b-cef8-452a-a543-69f57dabcaa4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**0 ]Ɋ& A!X0 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7f47803b-cef8-452a-a543-69f57dabcaa4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**0 ]Ɋ& =!X0 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7f47803b-cef8-452a-a543-69f57dabcaa4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**0 ]Ɋ& 5!X0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7f47803b-cef8-452a-a543-69f57dabcaa4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI** 0 ]Ɋ& 5!X0  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7f47803b-cef8-452a-a543-69f57dabcaa4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq** 0 ]Ɋ& 7!X0  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7f47803b-cef8-452a-a543-69f57dabcaa4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0 0 ]Ɋ& !0  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7f47803b-cef8-452a-a543-69f57dabcaa4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=18338889-622c-453d-a266-893947dd9bfb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@ D ]Ɋ& !D  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7f47803b-cef8-452a-a543-69f57dabcaa4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=18338889-622c-453d-a266-893947dd9bfb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**X ] ]Ɋ& !X]  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f290c269-85d8-4dae-8092-187291fcd8aa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CX**p] ]Ɋ& !X] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f290c269-85d8-4dae-8092-187291fcd8aa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**h] ]Ɋ& !X] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f290c269-85d8-4dae-8092-187291fcd8aa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`] ]Ɋ& !X] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f290c269-85d8-4dae-8092-187291fcd8aa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`] ]Ɋ& !X] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f290c269-85d8-4dae-8092-187291fcd8aa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h] ]Ɋ& !X] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f290c269-85d8-4dae-8092-187291fcd8aa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**] ]Ɋ&  !] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f290c269-85d8-4dae-8092-187291fcd8aa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2eef69ee-bb01-4bc9-870f-9b9ac08e77ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**] ]Ɋ& !] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f290c269-85d8-4dae-8092-187291fcd8aa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2eef69ee-bb01-4bc9-870f-9b9ac08e77ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ew**8] ]Ɋ& !X] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=af83cfb9-0371-47fd-804f-e2f8e8a8b39a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P] ]Ɋ& !X] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=af83cfb9-0371-47fd-804f-e2f8e8a8b39a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P] ]Ɋ& !X] F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=af83cfb9-0371-47fd-804f-e2f8e8a8b39a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H] ]Ɋ& !X] F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=af83cfb9-0371-47fd-804f-e2f8e8a8b39a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H] ]Ɋ& !X] F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=af83cfb9-0371-47fd-804f-e2f8e8a8b39a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**H] ]Ɋ& !X] F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=af83cfb9-0371-47fd-804f-e2f8e8a8b39a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**] ]Ɋ& !] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=af83cfb9-0371-47fd-804f-e2f8e8a8b39a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d34ff4c-7766-48a8-ad46-e7ff7f12b269 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**u ]Ɋ& !u F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=af83cfb9-0371-47fd-804f-e2f8e8a8b39a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d34ff4c-7766-48a8-ad46-e7ff7f12b269 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xu ]Ɋ& !Xu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5b12144d-b406-4fea-baf6-2acd9cc7c5d6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPatX**pu ]Ɋ& !Xu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5b12144d-b406-4fea-baf6-2acd9cc7c5d6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginp**hu ]Ɋ& !Xu F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5b12144d-b406-4fea-baf6-2acd9cc7c5d6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alh**` u ]Ɋ& !Xu  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5b12144d-b406-4fea-baf6-2acd9cc7c5d6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fi`**`!u ]Ɋ& !Xu! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5b12144d-b406-4fea-baf6-2acd9cc7c5d6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`"u ]Ɋ& !Xu" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5b12144d-b406-4fea-baf6-2acd9cc7c5d6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**#u ]Ɋ& !u# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5b12144d-b406-4fea-baf6-2acd9cc7c5d6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c51534db-293d-494e-8900-65a4a1cd3950 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$u ]Ɋ& !u$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5b12144d-b406-4fea-baf6-2acd9cc7c5d6 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c51534db-293d-494e-8900-65a4a1cd3950 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(%u ]Ɋ& !Xu% F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=775fc211-cfdf-457a-8a65-6b9daddcb845 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(andType= S ]Ɋ&  Xu& F&  7 F&+ϖS ElfChnk&V&V0^L8 Mu=VysMc&&**H &u ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! '!Xu& F&F%g>9{p(xlMD EventDatauoData !BinarytEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=775fc211-cfdf-457a-8a65-6b9daddcb845 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptH **@'u ]Ɋ& !Xu' F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=775fc211-cfdf-457a-8a65-6b9daddcb845 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIn@**8(u ]Ɋ& !Xu( F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=775fc211-cfdf-457a-8a65-6b9daddcb845 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=isp8**8)u ]Ɋ& !Xu) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=775fc211-cfdf-457a-8a65-6b9daddcb845 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8*u ]Ɋ& !Xu* F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=775fc211-cfdf-457a-8a65-6b9daddcb845 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc8**+u ]Ɋ& !u+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=775fc211-cfdf-457a-8a65-6b9daddcb845 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=00eb040e-3101-4c84-a852-cf1e3545b83f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**, ]Ɋ& !, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=775fc211-cfdf-457a-8a65-6b9daddcb845 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=00eb040e-3101-4c84-a852-cf1e3545b83f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNa**X-N ]Ɋ& !XN- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b0335324-6a1a-4082-be0e-fcefd2c2e6fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p.N ]Ɋ& !XN. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b0335324-6a1a-4082-be0e-fcefd2c2e6fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**p/N ]Ɋ& !XN/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b0335324-6a1a-4082-be0e-fcefd2c2e6fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f1ep**h0N ]Ɋ& !XN0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b0335324-6a1a-4082-be0e-fcefd2c2e6fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**h1N ]Ɋ& !XN1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b0335324-6a1a-4082-be0e-fcefd2c2e6fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= :h**h2N ]Ɋ& !XN2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b0335324-6a1a-4082-be0e-fcefd2c2e6fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**3N ]Ɋ&  !N3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b0335324-6a1a-4082-be0e-fcefd2c2e6fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b8550e32-76ed-4241-8155-3e3a7bb2bb2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**4p ]Ɋ& !p4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b0335324-6a1a-4082-be0e-fcefd2c2e6fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b8550e32-76ed-4241-8155-3e3a7bb2bb2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wers**5p ]Ɋ& '!Xp5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=769ae6ba-cdf6-451b-9a5b-c0f295b9f6ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**6p ]Ɋ& ?!Xp6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=769ae6ba-cdf6-451b-9a5b-c0f295b9f6ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1**7p ]Ɋ& ;!Xp7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=769ae6ba-cdf6-451b-9a5b-c0f295b9f6ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**8p ]Ɋ& 3!Xp8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=769ae6ba-cdf6-451b-9a5b-c0f295b9f6ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**9p ]Ɋ& 3!Xp9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=769ae6ba-cdf6-451b-9a5b-c0f295b9f6ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**:p ]Ɋ& 5!Xp: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=769ae6ba-cdf6-451b-9a5b-c0f295b9f6ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0;p ]Ɋ& !p; F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=769ae6ba-cdf6-451b-9a5b-c0f295b9f6ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ba62d716-6c03-4005-a077-c98de1ce79b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a40**@<{  ]Ɋ& !{ < F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=769ae6ba-cdf6-451b-9a5b-c0f295b9f6ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ba62d716-6c03-4005-a077-c98de1ce79b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**== : ]Ɋ& )!X= := F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e000babe-b15e-4b58-a6d6-ff183c4aef0e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam**>= : ]Ɋ& A!X= :> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e000babe-b15e-4b58-a6d6-ff183c4aef0e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**?= : ]Ɋ& =!X= :? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e000babe-b15e-4b58-a6d6-ff183c4aef0e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= A**@= : ]Ɋ& 5!X= :@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e000babe-b15e-4b58-a6d6-ff183c4aef0e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**A= : ]Ɋ& 5!X= :A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e000babe-b15e-4b58-a6d6-ff183c4aef0e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**B= : ]Ɋ& 7!X= :B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e000babe-b15e-4b58-a6d6-ff183c4aef0e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q**0C= : ]Ɋ& != :C F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e000babe-b15e-4b58-a6d6-ff183c4aef0e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=85bec2c1-0c47-4ecf-b4ca-35df043bf350 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@Dj ": ]Ɋ& !j ":D F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e000babe-b15e-4b58-a6d6-ff183c4aef0e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=85bec2c1-0c47-4ecf-b4ca-35df043bf350 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XEj ": ]Ɋ& !Xj ":E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7eb8d7c0-9ebd-4869-8afc-3fbe226a9c03 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pFj ": ]Ɋ& !Xj ":F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7eb8d7c0-9ebd-4869-8afc-3fbe226a9c03 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hGj ": ]Ɋ& !Xj ":G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7eb8d7c0-9ebd-4869-8afc-3fbe226a9c03 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]h**`Hj ": ]Ɋ& !Xj ":H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7eb8d7c0-9ebd-4869-8afc-3fbe226a9c03 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`Ij ": ]Ɋ& !Xj ":I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7eb8d7c0-9ebd-4869-8afc-3fbe226a9c03 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hJj ": ]Ɋ& !Xj ":J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7eb8d7c0-9ebd-4869-8afc-3fbe226a9c03 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**Kj ": ]Ɋ&  !j ":K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7eb8d7c0-9ebd-4869-8afc-3fbe226a9c03 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e82ec0cf-cc3a-4813-9588-e4c4545d9467 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Non**Lj ": ]Ɋ& !j ":L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7eb8d7c0-9ebd-4869-8afc-3fbe226a9c03 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e82ec0cf-cc3a-4813-9588-e4c4545d9467 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8Mj ": ]Ɋ& !Xj ":M F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=beb44205-0330-49a8-ad60-003266a41a8c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s 8**PNj ": ]Ɋ& !Xj ":N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=beb44205-0330-49a8-ad60-003266a41a8c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNP**POj ": ]Ɋ& !Xj ":O F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=beb44205-0330-49a8-ad60-003266a41a8c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StaP**HPj ": ]Ɋ& !Xj ":P F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=beb44205-0330-49a8-ad60-003266a41a8c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HQj ": ]Ɋ& !Xj ":Q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=beb44205-0330-49a8-ad60-003266a41a8c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HRj ": ]Ɋ& !Xj ":R F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=beb44205-0330-49a8-ad60-003266a41a8c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Sj ": ]Ɋ& !j ":S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=beb44205-0330-49a8-ad60-003266a41a8c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e5f362c-ea5e-4dcc-8ed9-dc9392ec7853 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**T": ]Ɋ& !":T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=beb44205-0330-49a8-ad60-003266a41a8c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e5f362c-ea5e-4dcc-8ed9-dc9392ec7853 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XU": ]Ɋ& !X":U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=07a0470f-f24e-44fb-ab42-359bdd7d96f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pV": ]Ɋ& !X":V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=07a0470f-f24e-44fb-ab42-359bdd7d96f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndTyp= ScriptNa ]Ɋ& = X":W F&  Xu& F&  7 F&+ϖS ElfChnkWW(xIPɒaCMu=VysMc&&**pW": ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!X":W F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=07a0470f-f24e-44fb-ab42-359bdd7d96f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**`X": ]Ɋ& !X":X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=07a0470f-f24e-44fb-ab42-359bdd7d96f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io`**`Y": ]Ɋ& !X":Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=07a0470f-f24e-44fb-ab42-359bdd7d96f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le`**`Z": ]Ɋ& !X":Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07a0470f-f24e-44fb-ab42-359bdd7d96f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**[": ]Ɋ& !":[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=07a0470f-f24e-44fb-ab42-359bdd7d96f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=721fc064-fd03-4e83-8aca-604889186687 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**\": ]Ɋ& !":\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=07a0470f-f24e-44fb-ab42-359bdd7d96f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=721fc064-fd03-4e83-8aca-604889186687 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**(]": ]Ɋ& !X":] F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9c7f6917-747b-4d66-87b2-4c790f8fa56b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@^": ]Ɋ& !X":^ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9c7f6917-747b-4d66-87b2-4c790f8fa56b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@_": ]Ɋ& !X":_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9c7f6917-747b-4d66-87b2-4c790f8fa56b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 6@**8`": ]Ɋ& !X":` F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9c7f6917-747b-4d66-87b2-4c790f8fa56b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eTi8**8a": ]Ɋ& !X":a F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9c7f6917-747b-4d66-87b2-4c790f8fa56b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nst8**8b": ]Ɋ& !X":b F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9c7f6917-747b-4d66-87b2-4c790f8fa56b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.08**c": ]Ɋ& !":c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9c7f6917-747b-4d66-87b2-4c790f8fa56b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8931bef8-0e47-4c97-b167-a77b0c53fefd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **d;#: ]Ɋ& !;#:d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9c7f6917-747b-4d66-87b2-4c790f8fa56b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8931bef8-0e47-4c97-b167-a77b0c53fefd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**Xel$: ]Ɋ& !Xl$:e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7d795cf1-d5c5-4961-aaba-d9a6cf7f1ef8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pfl$: ]Ɋ& !Xl$:f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7d795cf1-d5c5-4961-aaba-d9a6cf7f1ef8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pgl$: ]Ɋ& !Xl$:g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7d795cf1-d5c5-4961-aaba-d9a6cf7f1ef8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**hhl$: ]Ɋ& !Xl$:h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7d795cf1-d5c5-4961-aaba-d9a6cf7f1ef8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ih**hil$: ]Ɋ& !Xl$:i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7d795cf1-d5c5-4961-aaba-d9a6cf7f1ef8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**hjl$: ]Ɋ& !Xl$:j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7d795cf1-d5c5-4961-aaba-d9a6cf7f1ef8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**kl$: ]Ɋ&  !l$:k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7d795cf1-d5c5-4961-aaba-d9a6cf7f1ef8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=679a225e-00d5-4e75-b361-2a57b2d79901 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**lZ%: ]Ɋ& !Z%:l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7d795cf1-d5c5-4961-aaba-d9a6cf7f1ef8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=679a225e-00d5-4e75-b361-2a57b2d79901 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= . |**mZ%: ]Ɋ& '!XZ%:m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=df4da003-2225-490d-a66a-0ee9de2226ba HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**nZ%: ]Ɋ& ?!XZ%:n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=df4da003-2225-490d-a66a-0ee9de2226ba HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**oZ%: ]Ɋ& ;!XZ%:o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=df4da003-2225-490d-a66a-0ee9de2226ba HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c4a**pZ%: ]Ɋ& 3!XZ%:p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=df4da003-2225-490d-a66a-0ee9de2226ba HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**qZ%: ]Ɋ& 3!XZ%:q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=df4da003-2225-490d-a66a-0ee9de2226ba HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aef**rZ%: ]Ɋ& 5!XZ%:r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=df4da003-2225-490d-a66a-0ee9de2226ba HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0sZ%: ]Ɋ& !Z%:s F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=df4da003-2225-490d-a66a-0ee9de2226ba HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=201b4121-c77f-44a7-a2c3-85df558e78ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@t%: ]Ɋ& !%:t F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=df4da003-2225-490d-a66a-0ee9de2226ba HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=201b4121-c77f-44a7-a2c3-85df558e78ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**uqN ]Ɋ& )!XqNu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5323e442-b030-4df4-bf56-ac48a1fc4701 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com**vqN ]Ɋ& A!XqNv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5323e442-b030-4df4-bf56-ac48a1fc4701 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= **wqN ]Ɋ& =!XqNw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5323e442-b030-4df4-bf56-ac48a1fc4701 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut**xqN ]Ɋ& 5!XqNx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5323e442-b030-4df4-bf56-ac48a1fc4701 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 **yqN ]Ɋ& 5!XqNy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5323e442-b030-4df4-bf56-ac48a1fc4701 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**zqN ]Ɋ& 7!XqNz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5323e442-b030-4df4-bf56-ac48a1fc4701 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0{qN ]Ɋ& !qN{ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5323e442-b030-4df4-bf56-ac48a1fc4701 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=882e67e4-e860-41d0-8193-679b1d33b9ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t0**@| O ]Ɋ& ! O| F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5323e442-b030-4df4-bf56-ac48a1fc4701 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=882e67e4-e860-41d0-8193-679b1d33b9ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=top@**X} O ]Ɋ& !X O} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=433d0132-5a67-46f4-8d17-11780684ce92 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p~ O ]Ɋ& !X O~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=433d0132-5a67-46f4-8d17-11780684ce92 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stp**h O ]Ɋ& !X O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=433d0132-5a67-46f4-8d17-11780684ce92 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**` O ]Ɋ& !X O F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=433d0132-5a67-46f4-8d17-11780684ce92 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n`**` O ]Ɋ& !X O F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=433d0132-5a67-46f4-8d17-11780684ce92 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**h O ]Ɋ& !X O F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=433d0132-5a67-46f4-8d17-11780684ce92 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Stah** O ]Ɋ&  ! O F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=433d0132-5a67-46f4-8d17-11780684ce92 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2d10c05a-9a79-4d3c-acd6-1e4567f2fa01 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**O ]Ɋ& !O F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=433d0132-5a67-46f4-8d17-11780684ce92 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2d10c05a-9a79-4d3c-acd6-1e4567f2fa01 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**8O ]Ɋ& !XO F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1cd35a6a-73f6-4add-9dd6-726c1d6216ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**PO ]Ɋ& !XO F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1cd35a6a-73f6-4add-9dd6-726c1d6216ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ueP**PO ]Ɋ& !XO F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1cd35a6a-73f6-4add-9dd6-726c1d6216ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P  ]Ɋ& F&+XElfChnk0i&Mu=VysMc&&**HO ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!XO F&F%g>9{p(xlMD EventDatauoData !BinaryvFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1cd35a6a-73f6-4add-9dd6-726c1d6216ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**HO ]Ɋ& !XO F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1cd35a6a-73f6-4add-9dd6-726c1d6216ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**HO ]Ɋ& !XO F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1cd35a6a-73f6-4add-9dd6-726c1d6216ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ScrH**O ]Ɋ& !O F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1cd35a6a-73f6-4add-9dd6-726c1d6216ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d2cd949a-489b-4c4d-aa12-743b8d831d3f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**O ]Ɋ& !O F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1cd35a6a-73f6-4add-9dd6-726c1d6216ee HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d2cd949a-489b-4c4d-aa12-743b8d831d3f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**XO ]Ɋ& !XO F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=005ce98a-49be-4003-b147-4c687d682c84 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoX**pO ]Ɋ& !XO F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=005ce98a-49be-4003-b147-4c687d682c84 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortp**hO ]Ɋ& !XO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=005ce98a-49be-4003-b147-4c687d682c84 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bah**`O ]Ɋ& !XO F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=005ce98a-49be-4003-b147-4c687d682c84 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`O ]Ɋ& !XO F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=005ce98a-49be-4003-b147-4c687d682c84 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq`**`O ]Ɋ& !XO F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=005ce98a-49be-4003-b147-4c687d682c84 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**O ]Ɋ& !O F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=005ce98a-49be-4003-b147-4c687d682c84 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=db1f88a7-4b81-4ac2-955b-acf5a35706e9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**;P ]Ɋ& !;P F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=005ce98a-49be-4003-b147-4c687d682c84 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=db1f88a7-4b81-4ac2-955b-acf5a35706e9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **(;P ]Ɋ& !X;P F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=341e4600-7f33-4acd-adb1-bcc8cec950b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7(**@;P ]Ɋ& !X;P F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=341e4600-7f33-4acd-adb1-bcc8cec950b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=V@**@;P ]Ɋ& !X;P F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=341e4600-7f33-4acd-adb1-bcc8cec950b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te'@**8;P ]Ɋ& !X;P F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=341e4600-7f33-4acd-adb1-bcc8cec950b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent8**8;P ]Ɋ& !X;P F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=341e4600-7f33-4acd-adb1-bcc8cec950b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t 8**8;P ]Ɋ& !X;P F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=341e4600-7f33-4acd-adb1-bcc8cec950b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**;P ]Ɋ& !;P F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=341e4600-7f33-4acd-adb1-bcc8cec950b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=64379a27-2958-4862-aeb2-cf59e41c6ca3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**JP ]Ɋ& !JP F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=341e4600-7f33-4acd-adb1-bcc8cec950b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=64379a27-2958-4862-aeb2-cf59e41c6ca3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ated**XwR ]Ɋ& !XwR F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=40fd1573-745b-40b1-9a2d-d1cc3c394a8d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pwR ]Ɋ& !XwR F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=40fd1573-745b-40b1-9a2d-d1cc3c394a8d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pwR ]Ɋ& !XwR F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=40fd1573-745b-40b1-9a2d-d1cc3c394a8d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ultp**hwR ]Ɋ& !XwR F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=40fd1573-745b-40b1-9a2d-d1cc3c394a8d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthh**hwR ]Ɋ& !XwR F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=40fd1573-745b-40b1-9a2d-d1cc3c394a8d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hwR ]Ɋ& !XwR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=40fd1573-745b-40b1-9a2d-d1cc3c394a8d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nah**wR ]Ɋ&  !wR F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=40fd1573-745b-40b1-9a2d-d1cc3c394a8d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aacadc04-7d8a-4244-8559-2651671432ad PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**R ]Ɋ& !R F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=40fd1573-745b-40b1-9a2d-d1cc3c394a8d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aacadc04-7d8a-4244-8559-2651671432ad PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber=**R ]Ɋ& '!XR F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fbe3dae9-8f92-468f-937a-ae8c83461e20 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**R ]Ɋ& ?!XR F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fbe3dae9-8f92-468f-937a-ae8c83461e20 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **R ]Ɋ& ;!XR F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fbe3dae9-8f92-468f-937a-ae8c83461e20 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**R ]Ɋ& 3!XR F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fbe3dae9-8f92-468f-937a-ae8c83461e20 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ou**R ]Ɋ& 3!XR F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fbe3dae9-8f92-468f-937a-ae8c83461e20 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cti**R ]Ɋ& 5!XR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fbe3dae9-8f92-468f-937a-ae8c83461e20 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= -**0R ]Ɋ& !R F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fbe3dae9-8f92-468f-937a-ae8c83461e20 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9ebf32d7-12c5-441e-b24e-8624dd1de113 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te0**@6S ]Ɋ& !6S F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fbe3dae9-8f92-468f-937a-ae8c83461e20 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9ebf32d7-12c5-441e-b24e-8624dd1de113 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4-e8@**]' ]Ɋ& )!X]' F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8a414d15-4c93-4197-a972-9582bdfd83ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**]' ]Ɋ& A!X]' F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8a414d15-4c93-4197-a972-9582bdfd83ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mIns**]' ]Ɋ& =!X]' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8a414d15-4c93-4197-a972-9582bdfd83ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-5**]' ]Ɋ& 5!X]' F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8a414d15-4c93-4197-a972-9582bdfd83ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**]' ]Ɋ& 5!X]' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8a414d15-4c93-4197-a972-9582bdfd83ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**]' ]Ɋ& 7!X]' F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8a414d15-4c93-4197-a972-9582bdfd83ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0' ]Ɋ& !' F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8a414d15-4c93-4197-a972-9582bdfd83ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22b9d745-a312-484c-a617-6b1762a47317 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@L( ]Ɋ& !L( F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8a414d15-4c93-4197-a972-9582bdfd83ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22b9d745-a312-484c-a617-6b1762a47317 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com@**XL( ]Ɋ& !XL( F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bd1e2f2c-f161-4f70-b6a7-25ce040de3f5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linX**pL( ]Ɋ& !XL( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bd1e2f2c-f161-4f70-b6a7-25ce040de3f5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manp**hL( ]Ɋ& !XL( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bd1e2f2c-f161-4f70-b6a7-25ce040de3f5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`L( ]Ɋ& !XL( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bd1e2f2c-f161-4f70-b6a7-25ce040de3f5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XL( F&XElfChnkmX!hMu=VysMc&&**hL( ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!XL( F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bd1e2f2c-f161-4f70-b6a7-25ce040de3f5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hL( ]Ɋ& !XL( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bd1e2f2c-f161-4f70-b6a7-25ce040de3f5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**L( ]Ɋ&  !L( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bd1e2f2c-f161-4f70-b6a7-25ce040de3f5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a9d46938-4dd9-4709-854e-02e0d3de766d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FӸ**!( ]Ɋ& !!( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bd1e2f2c-f161-4f70-b6a7-25ce040de3f5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a9d46938-4dd9-4709-854e-02e0d3de766d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**8!( ]Ɋ& !X!( F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bc9dd292-7b6f-478e-b038-acf47d797ee8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P!( ]Ɋ& !X!( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bc9dd292-7b6f-478e-b038-acf47d797ee8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P!( ]Ɋ& !X!( F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bc9dd292-7b6f-478e-b038-acf47d797ee8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H!( ]Ɋ& !X!( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bc9dd292-7b6f-478e-b038-acf47d797ee8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**H!( ]Ɋ& !X!( F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bc9dd292-7b6f-478e-b038-acf47d797ee8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H!( ]Ɋ& !X!( F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bc9dd292-7b6f-478e-b038-acf47d797ee8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==H**!( ]Ɋ& !!( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bc9dd292-7b6f-478e-b038-acf47d797ee8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=78374946-eeae-447d-965e-c791b89c7af1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!( ]Ɋ& !!( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bc9dd292-7b6f-478e-b038-acf47d797ee8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=78374946-eeae-447d-965e-c791b89c7af1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X!( ]Ɋ& !X!( F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2d881eeb-2753-41f5-9faf-ada9647bb91e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= X**p!( ]Ɋ& !X!( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2d881eeb-2753-41f5-9faf-ada9647bb91e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-lasp**h!( ]Ɋ& !X!( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2d881eeb-2753-41f5-9faf-ada9647bb91e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Sh**`!( ]Ɋ& !X!( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2d881eeb-2753-41f5-9faf-ada9647bb91e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`!( ]Ɋ& !X!( F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2d881eeb-2753-41f5-9faf-ada9647bb91e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`!( ]Ɋ& !X!( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2d881eeb-2753-41f5-9faf-ada9647bb91e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**!( ]Ɋ& !!( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2d881eeb-2753-41f5-9faf-ada9647bb91e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=36036013-d482-4c5c-a97b-263a95b430ff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!( ]Ɋ& !!( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2d881eeb-2753-41f5-9faf-ada9647bb91e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=36036013-d482-4c5c-a97b-263a95b430ff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPa**(}) ]Ɋ& !X}) F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cf051519-fe5b-4251-b718-400c5805b057 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@}) ]Ɋ& !X}) F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cf051519-fe5b-4251-b718-400c5805b057 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8@**@}) ]Ɋ& !X}) F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cf051519-fe5b-4251-b718-400c5805b057 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ert@**8}) ]Ɋ& !X}) F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cf051519-fe5b-4251-b718-400c5805b057 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wow8**8}) ]Ɋ& !X}) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cf051519-fe5b-4251-b718-400c5805b057 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5b-8**8}) ]Ɋ& !X}) F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cf051519-fe5b-4251-b718-400c5805b057 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fu8**}) ]Ɋ& !}) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cf051519-fe5b-4251-b718-400c5805b057 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=69063b58-b72d-443e-a1ae-763c7a0c9e1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd**N* ]Ɋ& !N* F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cf051519-fe5b-4251-b718-400c5805b057 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=69063b58-b72d-443e-a1ae-763c7a0c9e1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineV**X{G+ ]Ɋ& !X{G+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=765922be-64a3-4e6c-9232-2e07ade453e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p{G+ ]Ɋ& !X{G+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=765922be-64a3-4e6c-9232-2e07ade453e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ep**p{G+ ]Ɋ& !X{G+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=765922be-64a3-4e6c-9232-2e07ade453e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=, Ep**h{G+ ]Ɋ& !X{G+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=765922be-64a3-4e6c-9232-2e07ade453e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cenh**h{G+ ]Ɋ& !X{G+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=765922be-64a3-4e6c-9232-2e07ade453e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=h**h{G+ ]Ɋ& !X{G+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=765922be-64a3-4e6c-9232-2e07ade453e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**{G+ ]Ɋ&  !{G+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=765922be-64a3-4e6c-9232-2e07ade453e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=58804f20-6f37-4098-a360-bc70de2c6b2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**+ ]Ɋ& !+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=765922be-64a3-4e6c-9232-2e07ade453e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=58804f20-6f37-4098-a360-bc70de2c6b2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsio**x, ]Ɋ& '!Xx, F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aac65be1-4c92-42a3-a707-7d363625799e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**x, ]Ɋ& ?!Xx, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aac65be1-4c92-42a3-a707-7d363625799e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**x, ]Ɋ& ;!Xx, F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aac65be1-4c92-42a3-a707-7d363625799e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ne**x, ]Ɋ& 3!Xx, F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aac65be1-4c92-42a3-a707-7d363625799e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **x, ]Ɋ& 3!Xx, F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aac65be1-4c92-42a3-a707-7d363625799e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ewP**x, ]Ɋ& 5!Xx, F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aac65be1-4c92-42a3-a707-7d363625799e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eI**0x, ]Ɋ& !x, F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aac65be1-4c92-42a3-a707-7d363625799e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8677561b-485f-4b2e-b093-a7597ff02d44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me0**@>- ]Ɋ& !>- F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aac65be1-4c92-42a3-a707-7d363625799e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8677561b-485f-4b2e-b093-a7597ff02d44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= @**TL ]Ɋ& )!XTL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2717dd51-205a-4c3e-8fbb-6c2c970bf6f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut-S**TL ]Ɋ& A!XTL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2717dd51-205a-4c3e-8fbb-6c2c970bf6f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 -C**TL ]Ɋ& =!XTL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2717dd51-205a-4c3e-8fbb-6c2c970bf6f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**TL ]Ɋ& 5!XTL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2717dd51-205a-4c3e-8fbb-6c2c970bf6f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on.0 HostId= ]Ɋ& icXTL F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XL( F&XElfChnkp'.Mu=VysMc&&**TL ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XTL F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2717dd51-205a-4c3e-8fbb-6c2c970bf6f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **TL ]Ɋ& 7!XTL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2717dd51-205a-4c3e-8fbb-6c2c970bf6f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0TL ]Ɋ& !TL F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2717dd51-205a-4c3e-8fbb-6c2c970bf6f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4ce439d-8aaf-4b50-9182-ed23849163d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@@UL ]Ɋ& !@UL F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2717dd51-205a-4c3e-8fbb-6c2c970bf6f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4ce439d-8aaf-4b50-9182-ed23849163d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**X@UL ]Ɋ& !X@UL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=81ff9a03-cdb3-411d-933f-af1da374bd1d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**p@UL ]Ɋ& !X@UL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=81ff9a03-cdb3-411d-933f-af1da374bd1d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**h@UL ]Ɋ& !X@UL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=81ff9a03-cdb3-411d-933f-af1da374bd1d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`@UL ]Ɋ& !X@UL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=81ff9a03-cdb3-411d-933f-af1da374bd1d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`@UL ]Ɋ& !X@UL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=81ff9a03-cdb3-411d-933f-af1da374bd1d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h@UL ]Ɋ& !X@UL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=81ff9a03-cdb3-411d-933f-af1da374bd1d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**DUL ]Ɋ&  !DUL F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=81ff9a03-cdb3-411d-933f-af1da374bd1d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=afc7bdab-f62f-4d92-b2d5-d10a2962136f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **DUL ]Ɋ& !DUL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=81ff9a03-cdb3-411d-933f-af1da374bd1d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=afc7bdab-f62f-4d92-b2d5-d10a2962136f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8DUL ]Ɋ& !XDUL F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=025d16b4-62e3-4167-a795-8750069c27f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**PDUL ]Ɋ& !XDUL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=025d16b4-62e3-4167-a795-8750069c27f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**PDUL ]Ɋ& !XDUL F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=025d16b4-62e3-4167-a795-8750069c27f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**HDUL ]Ɋ& !XDUL F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=025d16b4-62e3-4167-a795-8750069c27f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**HDUL ]Ɋ& !XDUL F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=025d16b4-62e3-4167-a795-8750069c27f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**HDUL ]Ɋ& !XDUL F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=025d16b4-62e3-4167-a795-8750069c27f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**DUL ]Ɋ& !DUL F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=025d16b4-62e3-4167-a795-8750069c27f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6d68111-fabe-486e-9f47-27ca3ca972ba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**DUL ]Ɋ& !DUL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=025d16b4-62e3-4167-a795-8750069c27f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6d68111-fabe-486e-9f47-27ca3ca972ba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**XqVL ]Ɋ& !XqVL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=94bdcbba-c60d-4b89-af33-c8abbd82a2b4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**pqVL ]Ɋ& !XqVL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=94bdcbba-c60d-4b89-af33-c8abbd82a2b4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**hqVL ]Ɋ& !XqVL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=94bdcbba-c60d-4b89-af33-c8abbd82a2b4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`qVL ]Ɋ& !XqVL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=94bdcbba-c60d-4b89-af33-c8abbd82a2b4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`qVL ]Ɋ& !XqVL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=94bdcbba-c60d-4b89-af33-c8abbd82a2b4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`qVL ]Ɋ& !XqVL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=94bdcbba-c60d-4b89-af33-c8abbd82a2b4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**qVL ]Ɋ& !qVL F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=94bdcbba-c60d-4b89-af33-c8abbd82a2b4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a3205cab-e964-4f87-8896-eab841883b4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**qVL ]Ɋ& !qVL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=94bdcbba-c60d-4b89-af33-c8abbd82a2b4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a3205cab-e964-4f87-8896-eab841883b4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(qVL ]Ɋ& !XqVL F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=59059b6e-a948-41a1-b79c-db0bc522b647 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1(**@qVL ]Ɋ& !XqVL F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=59059b6e-a948-41a1-b79c-db0bc522b647 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@qVL ]Ɋ& !XqVL F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=59059b6e-a948-41a1-b79c-db0bc522b647 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8qVL ]Ɋ& !XqVL F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=59059b6e-a948-41a1-b79c-db0bc522b647 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8 qVL ]Ɋ& !XqVL  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=59059b6e-a948-41a1-b79c-db0bc522b647 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8 qVL ]Ɋ& !XqVL  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=59059b6e-a948-41a1-b79c-db0bc522b647 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8** qVL ]Ɋ& !qVL  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=59059b6e-a948-41a1-b79c-db0bc522b647 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=122a00c7-6e23-4c6c-be0b-0f8047d92e53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g** q WL ]Ɋ& !q WL  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=59059b6e-a948-41a1-b79c-db0bc522b647 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=122a00c7-6e23-4c6c-be0b-0f8047d92e53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**X lYL ]Ɋ& !XlYL  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=00f924b0-40eb-4daf-941f-46fc494dcbfb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**plYL ]Ɋ& !XlYL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=00f924b0-40eb-4daf-941f-46fc494dcbfb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**plYL ]Ɋ& !XlYL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=00f924b0-40eb-4daf-941f-46fc494dcbfb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**hlYL ]Ɋ& !XlYL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=00f924b0-40eb-4daf-941f-46fc494dcbfb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**hlYL ]Ɋ& !XlYL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=00f924b0-40eb-4daf-941f-46fc494dcbfb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=636h**hlYL ]Ɋ& !XlYL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=00f924b0-40eb-4daf-941f-46fc494dcbfb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**lYL ]Ɋ&  !lYL F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=00f924b0-40eb-4daf-941f-46fc494dcbfb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=64aab37b-6b01-409d-a8a2-c371a108e11d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**aZL ]Ɋ& !aZL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=00f924b0-40eb-4daf-941f-46fc494dcbfb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=64aab37b-6b01-409d-a8a2-c371a108e11d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**aZL ]Ɋ& '!XaZL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=95dadae0-cee7-41c7-8ac3-9c8618e62365 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**aZL ]Ɋ& ?!XaZL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=95dadae0-cee7-41c7-8ac3-9c8618e62365 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=G**aZL ]Ɋ& ;!XaZL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=95dadae0-cee7-41c7-8ac3-9c8618e62365 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **aZL ]Ɋ& 3!XaZL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=95dadae0-cee7-41c7-8ac3-9c8618e62365 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**aZL ]Ɋ& 3!XaZL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=95dadae0-cee7-41c7-8ac3-9c8618e62365 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& XaZL F& F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XL( F&XElfChnkKKp(<ЅCMu=VysMc&&** aZL ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XaZL F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=95dadae0-cee7-41c7-8ac3-9c8618e62365 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4c3 **0aZL ]Ɋ& !aZL F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=95dadae0-cee7-41c7-8ac3-9c8618e62365 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=aead6042-440b-4648-942e-df8b8d57d84b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@ZL ]Ɋ& !ZL F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=95dadae0-cee7-41c7-8ac3-9c8618e62365 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=aead6042-440b-4648-942e-df8b8d57d84b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**M ]Ɋ& )!XM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=60f4bbcb-0a31-44b5-a728-baacbc7a38c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**M ]Ɋ& A!XM F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=60f4bbcb-0a31-44b5-a728-baacbc7a38c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **M ]Ɋ& =!XM F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=60f4bbcb-0a31-44b5-a728-baacbc7a38c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** M ]Ɋ& 5!XM  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=60f4bbcb-0a31-44b5-a728-baacbc7a38c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!M ]Ɋ& 5!XM! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=60f4bbcb-0a31-44b5-a728-baacbc7a38c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **"M ]Ɋ& 7!XM" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=60f4bbcb-0a31-44b5-a728-baacbc7a38c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0#M ]Ɋ& !M# F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=60f4bbcb-0a31-44b5-a728-baacbc7a38c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5faf83b3-459d-4f24-8719-614f56e2b91a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@$巯 ]Ɋ& !巯$ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=60f4bbcb-0a31-44b5-a728-baacbc7a38c2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5faf83b3-459d-4f24-8719-614f56e2b91a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**X%J~ ]Ɋ& !XJ~% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6ce07010-1312-47d5-b2ad-797ec48daee6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**p&J~ ]Ɋ& !XJ~& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6ce07010-1312-47d5-b2ad-797ec48daee6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**h'J~ ]Ɋ& !XJ~' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6ce07010-1312-47d5-b2ad-797ec48daee6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`(J~ ]Ɋ& !XJ~( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6ce07010-1312-47d5-b2ad-797ec48daee6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`)J~ ]Ɋ& !XJ~) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6ce07010-1312-47d5-b2ad-797ec48daee6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**h*J~ ]Ɋ& !XJ~* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6ce07010-1312-47d5-b2ad-797ec48daee6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**+J~ ]Ɋ&  !J~+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6ce07010-1312-47d5-b2ad-797ec48daee6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=66b19b12-4b48-4731-b69b-ef4d86cded10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**,J~ ]Ɋ& !J~, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6ce07010-1312-47d5-b2ad-797ec48daee6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=66b19b12-4b48-4731-b69b-ef4d86cded10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8-J~ ]Ɋ& !XJ~- F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=521c892a-bd47-47e2-a93a-fa44f0d48016 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**P.J~ ]Ɋ& !XJ~. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=521c892a-bd47-47e2-a93a-fa44f0d48016 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**P/J~ ]Ɋ& !XJ~/ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=521c892a-bd47-47e2-a93a-fa44f0d48016 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**H0J~ ]Ɋ& !XJ~0 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=521c892a-bd47-47e2-a93a-fa44f0d48016 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**H1J~ ]Ɋ& !XJ~1 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=521c892a-bd47-47e2-a93a-fa44f0d48016 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ftVoH**H2J~ ]Ɋ& !XJ~2 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=521c892a-bd47-47e2-a93a-fa44f0d48016 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ritH**3J~ ]Ɋ& !J~3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=521c892a-bd47-47e2-a93a-fa44f0d48016 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=60a3d2a4-6790-4c27-9d97-7c0d725b37b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**4J~ ]Ɋ& !J~4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=521c892a-bd47-47e2-a93a-fa44f0d48016 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=60a3d2a4-6790-4c27-9d97-7c0d725b37b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**X5 ]Ɋ& !X5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6a1fda27-491f-4f19-b986-e61f81ce3904 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US;X**p6 ]Ɋ& !X6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6a1fda27-491f-4f19-b986-e61f81ce3904 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ostVp**h7 ]Ɋ& !X7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6a1fda27-491f-4f19-b986-e61f81ce3904 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`8 ]Ɋ& !X8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6a1fda27-491f-4f19-b986-e61f81ce3904 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=*`**`9 ]Ɋ& !X9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6a1fda27-491f-4f19-b986-e61f81ce3904 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru`**`: ]Ɋ& !X: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6a1fda27-491f-4f19-b986-e61f81ce3904 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**; ]Ɋ& !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6a1fda27-491f-4f19-b986-e61f81ce3904 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e57d9f34-a4be-4ee2-a88b-9b55c90ea907 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**< ]Ɋ& !< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6a1fda27-491f-4f19-b986-e61f81ce3904 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e57d9f34-a4be-4ee2-a88b-9b55c90ea907 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(= ]Ɋ& !X= F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f1418be4-58ab-46bf-b6df-32f3d3921ec1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6(**@> ]Ɋ& !X> F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f1418be4-58ab-46bf-b6df-32f3d3921ec1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9@**@? ]Ɋ& !X? F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f1418be4-58ab-46bf-b6df-32f3d3921ec1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8@ ]Ɋ& !X@ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f1418be4-58ab-46bf-b6df-32f3d3921ec1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**8A ]Ɋ& !XA F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f1418be4-58ab-46bf-b6df-32f3d3921ec1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8B ]Ɋ& !XB F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f1418be4-58ab-46bf-b6df-32f3d3921ec1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**C ]Ɋ& !C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f1418be4-58ab-46bf-b6df-32f3d3921ec1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1c4c9bfd-3e5e-4183-be1b-25dd0529ed7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**Dw ]Ɋ& !wD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f1418be4-58ab-46bf-b6df-32f3d3921ec1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1c4c9bfd-3e5e-4183-be1b-25dd0529ed7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**XE:y ]Ɋ& !X:yE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0335c974-713c-46ea-9935-72d8549161a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**pF:y ]Ɋ& !X:yF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0335c974-713c-46ea-9935-72d8549161a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**pG:y ]Ɋ& !X:yG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0335c974-713c-46ea-9935-72d8549161a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**hH:y ]Ɋ& !X:yH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0335c974-713c-46ea-9935-72d8549161a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**hI:y ]Ɋ& !X:yI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0335c974-713c-46ea-9935-72d8549161a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**hJ:y ]Ɋ& !X:yJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0335c974-713c-46ea-9935-72d8549161a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**K:y ]Ɋ&  !:yK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0335c974-713c-46ea-9935-72d8549161a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31258e55-4cce-4eef-97ef-2b66bc844930 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sbe.properties ]Ɋ& CuL F&n-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& XaZL F& F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XL( F&XElfChnkL~L~x$ZhmMu=VysMc&&** L ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !L F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0335c974-713c-46ea-9935-72d8549161a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31258e55-4cce-4eef-97ef-2b66bc844930 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **M ]Ɋ& '!XM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=75766b21-645e-49aa-baf5-2afc987e1302 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**N ]Ɋ& ?!XN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=75766b21-645e-49aa-baf5-2afc987e1302 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**O ]Ɋ& ;!XO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=75766b21-645e-49aa-baf5-2afc987e1302 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**P ]Ɋ& 3!XP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=75766b21-645e-49aa-baf5-2afc987e1302 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Q ]Ɋ& 3!XQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=75766b21-645e-49aa-baf5-2afc987e1302 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ica**R ]Ɋ& 5!XR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=75766b21-645e-49aa-baf5-2afc987e1302 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0S ]Ɋ& !S F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=75766b21-645e-49aa-baf5-2afc987e1302 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3f960cee-546d-48ea-8f54-1e596048e0f6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow0**@Tg ]Ɋ& !gT F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=75766b21-645e-49aa-baf5-2afc987e1302 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3f960cee-546d-48ea-8f54-1e596048e0f6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**U"m ]Ɋ& )!X"mU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f21b3545-d8ce-444e-8cd8-bb832126e683 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**V"m ]Ɋ& A!X"mV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f21b3545-d8ce-444e-8cd8-bb832126e683 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-wid**W"m ]Ɋ& =!X"mW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f21b3545-d8ce-444e-8cd8-bb832126e683 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**X"m ]Ɋ& 5!X"mX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f21b3545-d8ce-444e-8cd8-bb832126e683 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **Y"m ]Ɋ& 5!X"mY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f21b3545-d8ce-444e-8cd8-bb832126e683 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==6**Z"m ]Ɋ& 7!X"mZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f21b3545-d8ce-444e-8cd8-bb832126e683 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0["m ]Ɋ& !"m[ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f21b3545-d8ce-444e-8cd8-bb832126e683 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c5460976-7070-4a2d-9aba-f160eafbbf6d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@\O ]Ɋ& !O\ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f21b3545-d8ce-444e-8cd8-bb832126e683 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c5460976-7070-4a2d-9aba-f160eafbbf6d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X]O ]Ɋ& !XO] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=91e2844c-074c-4b6d-9424-03d63a8b3343 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p^O ]Ɋ& !XO^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=91e2844c-074c-4b6d-9424-03d63a8b3343 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Jp**h_O ]Ɋ& !XO_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=91e2844c-074c-4b6d-9424-03d63a8b3343 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**``O ]Ɋ& !XO` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=91e2844c-074c-4b6d-9424-03d63a8b3343 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`aO ]Ɋ& !XOa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=91e2844c-074c-4b6d-9424-03d63a8b3343 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**hbO ]Ɋ& !XOb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=91e2844c-074c-4b6d-9424-03d63a8b3343 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineSh**c6 ]Ɋ&  !6c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=91e2844c-074c-4b6d-9424-03d63a8b3343 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=89e5fbe3-4eb0-4ccc-abb5-b34d03c24df4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ped **d6 ]Ɋ& !6d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=91e2844c-074c-4b6d-9424-03d63a8b3343 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=89e5fbe3-4eb0-4ccc-abb5-b34d03c24df4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt**8e6 ]Ɋ& !X6e F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=626b248a-54b7-4326-a6be-ecd5661dae31 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nm8**Pf6 ]Ɋ& !X6f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=626b248a-54b7-4326-a6be-ecd5661dae31 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idP**Pg6 ]Ɋ& !X6g F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=626b248a-54b7-4326-a6be-ecd5661dae31 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tartP**Hh6 ]Ɋ& !X6h F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=626b248a-54b7-4326-a6be-ecd5661dae31 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ReH**Hi6 ]Ɋ& !X6i F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=626b248a-54b7-4326-a6be-ecd5661dae31 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**Hj6 ]Ɋ& !X6j F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=626b248a-54b7-4326-a6be-ecd5661dae31 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**k6 ]Ɋ& !6k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=626b248a-54b7-4326-a6be-ecd5661dae31 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=607cf5e9-7c24-4023-a864-3de5b1c7269d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!**l|ψ ]Ɋ& !|ψl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=626b248a-54b7-4326-a6be-ecd5661dae31 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=607cf5e9-7c24-4023-a864-3de5b1c7269d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xm|ψ ]Ɋ& !X|ψm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=68afa931-15ae-455d-832f-36e96559af5c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaX**pn|ψ ]Ɋ& !X|ψn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=68afa931-15ae-455d-832f-36e96559af5c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**ho|ψ ]Ɋ& !X|ψo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=68afa931-15ae-455d-832f-36e96559af5c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`p|ψ ]Ɋ& !X|ψp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=68afa931-15ae-455d-832f-36e96559af5c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`q|ψ ]Ɋ& !X|ψq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=68afa931-15ae-455d-832f-36e96559af5c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=`**`r|ψ ]Ɋ& !X|ψr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=68afa931-15ae-455d-832f-36e96559af5c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**s|ψ ]Ɋ& !|ψs F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=68afa931-15ae-455d-832f-36e96559af5c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b6cdc254-20e3-4bfa-8b3f-c4a83e0876f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**t|ψ ]Ɋ& !|ψt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=68afa931-15ae-455d-832f-36e96559af5c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b6cdc254-20e3-4bfa-8b3f-c4a83e0876f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **(uh ]Ɋ& !Xhu F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=588b680b-7f7f-474c-883f-ac879253e916 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4(**@vh ]Ɋ& !Xhv F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=588b680b-7f7f-474c-883f-ac879253e916 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a@**@wh ]Ɋ& !Xhw F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=588b680b-7f7f-474c-883f-ac879253e916 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin@**8xh ]Ɋ& !Xhx F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=588b680b-7f7f-474c-883f-ac879253e916 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8yh ]Ɋ& !Xhy F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=588b680b-7f7f-474c-883f-ac879253e916 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:8**8zh ]Ɋ& !Xhz F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=588b680b-7f7f-474c-883f-ac879253e916 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== 8**{h ]Ɋ& !h{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=588b680b-7f7f-474c-883f-ac879253e916 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1759138c-9a44-4424-bafe-46282390eadd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge**|? ]Ɋ& !?| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=588b680b-7f7f-474c-883f-ac879253e916 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1759138c-9a44-4424-bafe-46282390eadd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te';**X}] ]Ɋ& !X]} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee5fb685-68ad-4871-9a27-3efb35f33633 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p~] ]Ɋ& !X]~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee5fb685-68ad-4871-9a27-3efb35f33633 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX] F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XL( F&XElfChnkHnlUfMu=VysMc&&**p ] ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! S!X] F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee5fb685-68ad-4871-9a27-3efb35f33633 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p **h] ]Ɋ& !X] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee5fb685-68ad-4871-9a27-3efb35f33633 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h] ]Ɋ& !X] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee5fb685-68ad-4871-9a27-3efb35f33633 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h] ]Ɋ& !X] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee5fb685-68ad-4871-9a27-3efb35f33633 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tah**] ]Ɋ&  !] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee5fb685-68ad-4871-9a27-3efb35f33633 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1f077720-eee0-47f6-a0af-ffa7144cc22d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=98** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee5fb685-68ad-4871-9a27-3efb35f33633 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1f077720-eee0-47f6-a0af-ffa7144cc22d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,De**' ]Ɋ& '!X' F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a2c69539-7079-4f35-b1a7-0fb9d8260c1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**' ]Ɋ& ?!X' F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a2c69539-7079-4f35-b1a7-0fb9d8260c1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**' ]Ɋ& ;!X' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a2c69539-7079-4f35-b1a7-0fb9d8260c1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hel**' ]Ɋ& 3!X' F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a2c69539-7079-4f35-b1a7-0fb9d8260c1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**' ]Ɋ& 3!X' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a2c69539-7079-4f35-b1a7-0fb9d8260c1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll **' ]Ɋ& 5!X' F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a2c69539-7079-4f35-b1a7-0fb9d8260c1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0' ]Ɋ& !' F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a2c69539-7079-4f35-b1a7-0fb9d8260c1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=98450f90-6e18-441a-b8e8-50a1fe82c1df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng0**@M ]Ɋ& !M F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a2c69539-7079-4f35-b1a7-0fb9d8260c1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=98450f90-6e18-441a-b8e8-50a1fe82c1df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]@**)LV ]Ɋ& )!X)LV F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=993849bf-87fa-41b9-bff9-96dceb4bb596 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**)LV ]Ɋ& A!X)LV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=993849bf-87fa-41b9-bff9-96dceb4bb596 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **)LV ]Ɋ& =!X)LV F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=993849bf-87fa-41b9-bff9-96dceb4bb596 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**)LV ]Ɋ& 5!X)LV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=993849bf-87fa-41b9-bff9-96dceb4bb596 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl**)LV ]Ɋ& 5!X)LV F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=993849bf-87fa-41b9-bff9-96dceb4bb596 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **)LV ]Ɋ& 7!X)LV F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=993849bf-87fa-41b9-bff9-96dceb4bb596 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**0)LV ]Ɋ& !)LV F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=993849bf-87fa-41b9-bff9-96dceb4bb596 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e43f97f9-6fb5-477b-a4fd-ba6c3c0b7f8c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=40**@V NV ]Ɋ& !V NV F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=993849bf-87fa-41b9-bff9-96dceb4bb596 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e43f97f9-6fb5-477b-a4fd-ba6c3c0b7f8c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila@**XV NV ]Ɋ& !XV NV F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ec8109ef-bc47-4fe7-ba60-db82b10362d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProX**pV NV ]Ɋ& !XV NV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ec8109ef-bc47-4fe7-ba60-db82b10362d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt p**hV NV ]Ɋ& !XV NV F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ec8109ef-bc47-4fe7-ba60-db82b10362d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sh**`V NV ]Ɋ& !XV NV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ec8109ef-bc47-4fe7-ba60-db82b10362d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d`**`V NV ]Ɋ& !XV NV F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ec8109ef-bc47-4fe7-ba60-db82b10362d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c`**hV NV ]Ɋ& !XV NV F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ec8109ef-bc47-4fe7-ba60-db82b10362d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**V NV ]Ɋ&  !V NV F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ec8109ef-bc47-4fe7-ba60-db82b10362d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2a62fc36-c965-44dd-8f36-01f4d24b4f00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=248a**NV ]Ɋ& !NV F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ec8109ef-bc47-4fe7-ba60-db82b10362d0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2a62fc36-c965-44dd-8f36-01f4d24b4f00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6b**8NV ]Ɋ& !XNV F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e4abd861-057c-491d-ae9b-ba0aaef00a7c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si8**PNV ]Ɋ& !XNV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e4abd861-057c-491d-ae9b-ba0aaef00a7c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leP**PNV ]Ɋ& !XNV F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e4abd861-057c-491d-ae9b-ba0aaef00a7c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HoP**HNV ]Ɋ& !XNV F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e4abd861-057c-491d-ae9b-ba0aaef00a7c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eNumH**HNV ]Ɋ& !XNV F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e4abd861-057c-491d-ae9b-ba0aaef00a7c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**HNV ]Ɋ& !XNV F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e4abd861-057c-491d-ae9b-ba0aaef00a7c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ateH**NV ]Ɋ& !NV F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e4abd861-057c-491d-ae9b-ba0aaef00a7c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bec80725-3ee4-41b7-a0de-249a6c49bcec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber**NV ]Ɋ& !NV F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e4abd861-057c-491d-ae9b-ba0aaef00a7c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bec80725-3ee4-41b7-a0de-249a6c49bcec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XNV ]Ɋ& !XNV F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=95ed9979-dd2e-4e8a-b0fa-c2cd43216e7c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNamX**pNV ]Ɋ& !XNV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=95ed9979-dd2e-4e8a-b0fa-c2cd43216e7c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hNV ]Ɋ& !XNV F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=95ed9979-dd2e-4e8a-b0fa-c2cd43216e7c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**`NV ]Ɋ& !XNV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=95ed9979-dd2e-4e8a-b0fa-c2cd43216e7c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=('`**`NV ]Ɋ& !XNV F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=95ed9979-dd2e-4e8a-b0fa-c2cd43216e7c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ti`**`NV ]Ɋ& !XNV F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=95ed9979-dd2e-4e8a-b0fa-c2cd43216e7c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c`**NV ]Ɋ& !NV F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=95ed9979-dd2e-4e8a-b0fa-c2cd43216e7c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22a0adc6-022d-4380-9cb4-febaab9c65a9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**:OV ]Ɋ& !:OV F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=95ed9979-dd2e-4e8a-b0fa-c2cd43216e7c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22a0adc6-022d-4380-9cb4-febaab9c65a9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**(:OV ]Ɋ& !X:OV F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a3967de3-9054-4367-9025-4d70c1954511 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@:OV ]Ɋ& !X:OV F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a3967de3-9054-4367-9025-4d70c1954511 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@:OV ]Ɋ& !X:OV F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a3967de3-9054-4367-9025-4d70c1954511 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ace@**8:OV ]Ɋ& !X:OV F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a3967de3-9054-4367-9025-4d70c1954511 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=es[8nstalldate'] ]Ɋ& etX:OV F&imatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX] F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XL( F&XElfChnk^SBnMu=VysMc&&**8 :OV ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X:OV F&F%g>9{p(xlMD EventDatauoData !BinaryhRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a3967de3-9054-4367-9025-4d70c1954511 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8:OV ]Ɋ& !X:OV F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a3967de3-9054-4367-9025-4d70c1954511 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=In8**:OV ]Ɋ& !:OV F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a3967de3-9054-4367-9025-4d70c1954511 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8968e413-3a96-4124-a62d-6e619af55500 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=WA**OV ]Ɋ& !OV F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a3967de3-9054-4367-9025-4d70c1954511 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8968e413-3a96-4124-a62d-6e619af55500 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=po**X RV ]Ɋ& !X RV F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=94d0e945-94f4-4d48-8a1b-45c14b82cc0e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**p RV ]Ɋ& !X RV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=94d0e945-94f4-4d48-8a1b-45c14b82cc0e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6p**p RV ]Ɋ& !X RV F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=94d0e945-94f4-4d48-8a1b-45c14b82cc0e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**h RV ]Ɋ& !X RV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=94d0e945-94f4-4d48-8a1b-45c14b82cc0e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**h RV ]Ɋ& !X RV F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=94d0e945-94f4-4d48-8a1b-45c14b82cc0e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNh**h RV ]Ɋ& !X RV F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=94d0e945-94f4-4d48-8a1b-45c14b82cc0e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dBh** RV ]Ɋ&  ! RV F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=94d0e945-94f4-4d48-8a1b-45c14b82cc0e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb69a3bc-0d24-40ff-80c6-6835092ea52b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**fSV ]Ɋ& !fSV F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=94d0e945-94f4-4d48-8a1b-45c14b82cc0e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb69a3bc-0d24-40ff-80c6-6835092ea52b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gine**fSV ]Ɋ& '!XfSV F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5bb59a3e-874a-4207-b2b1-0a64b9b46e3f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**fSV ]Ɋ& ?!XfSV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5bb59a3e-874a-4207-b2b1-0a64b9b46e3f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**fSV ]Ɋ& ;!XfSV F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5bb59a3e-874a-4207-b2b1-0a64b9b46e3f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**fSV ]Ɋ& 3!XfSV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5bb59a3e-874a-4207-b2b1-0a64b9b46e3f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsh**fSV ]Ɋ& 3!XfSV F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5bb59a3e-874a-4207-b2b1-0a64b9b46e3f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**fSV ]Ɋ& 5!XfSV F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5bb59a3e-874a-4207-b2b1-0a64b9b46e3f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=re**0fSV ]Ɋ& !fSV F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5bb59a3e-874a-4207-b2b1-0a64b9b46e3f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f62dd6a2-3c3f-4b01-9f80-f0050e533a0a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@͗TV ]Ɋ& !͗TV F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5bb59a3e-874a-4207-b2b1-0a64b9b46e3f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f62dd6a2-3c3f-4b01-9f80-f0050e533a0a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se@**e;ֹ ]Ɋ& )!Xe;ֹ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8703b114-51b5-484f-b3a7-581f5b2f3ea3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a60-**e;ֹ ]Ɋ& A!Xe;ֹ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8703b114-51b5-484f-b3a7-581f5b2f3ea3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=C**e;ֹ ]Ɋ& =!Xe;ֹ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8703b114-51b5-484f-b3a7-581f5b2f3ea3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **e;ֹ ]Ɋ& 5!Xe;ֹ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8703b114-51b5-484f-b3a7-581f5b2f3ea3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**e;ֹ ]Ɋ& 5!Xe;ֹ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8703b114-51b5-484f-b3a7-581f5b2f3ea3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=V N**e;ֹ ]Ɋ& 7!Xe;ֹ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8703b114-51b5-484f-b3a7-581f5b2f3ea3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**0e;ֹ ]Ɋ& !e;ֹ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8703b114-51b5-484f-b3a7-581f5b2f3ea3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3d8a2e58-e415-4b0d-8dba-10d3675ab3ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=60**@l׹ ]Ɋ& !l׹ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8703b114-51b5-484f-b3a7-581f5b2f3ea3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3d8a2e58-e415-4b0d-8dba-10d3675ab3ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e |@**Xl׹ ]Ɋ& !Xl׹ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7be8ce56-d781-4f99-ba36-61d4eb391fd7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pdaX**pl׹ ]Ɋ& !Xl׹ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7be8ce56-d781-4f99-ba36-61d4eb391fd7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nEnp**hl׹ ]Ɋ& !Xl׹ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7be8ce56-d781-4f99-ba36-61d4eb391fd7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th**`l׹ ]Ɋ& !Xl׹ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7be8ce56-d781-4f99-ba36-61d4eb391fd7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`l׹ ]Ɋ& !Xl׹ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7be8ce56-d781-4f99-ba36-61d4eb391fd7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**hl׹ ]Ɋ& !Xl׹ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7be8ce56-d781-4f99-ba36-61d4eb391fd7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ruh**l׹ ]Ɋ&  !l׹ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7be8ce56-d781-4f99-ba36-61d4eb391fd7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6bc02571-b30f-4e46-884a-fa82315e13f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pipe**l׹ ]Ɋ& !l׹ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7be8ce56-d781-4f99-ba36-61d4eb391fd7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6bc02571-b30f-4e46-884a-fa82315e13f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**8)ع ]Ɋ& !X)ع F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=23878e30-b376-47cb-b7df-859fd71aab7f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**P)ع ]Ɋ& !X)ع F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=23878e30-b376-47cb-b7df-859fd71aab7f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=unP**P)ع ]Ɋ& !X)ع F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=23878e30-b376-47cb-b7df-859fd71aab7f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gineP**H)ع ]Ɋ& !X)ع F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=23878e30-b376-47cb-b7df-859fd71aab7f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 65H**H)ع ]Ɋ& !X)ع F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=23878e30-b376-47cb-b7df-859fd71aab7f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StriH**H)ع ]Ɋ& !X)ع F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=23878e30-b376-47cb-b7df-859fd71aab7f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oluH**)ع ]Ɋ& !)ع F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=23878e30-b376-47cb-b7df-859fd71aab7f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f8bc3d6f-ac08-4311-9dcf-a1975216138b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=553**)ع ]Ɋ& !)ع F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=23878e30-b376-47cb-b7df-859fd71aab7f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f8bc3d6f-ac08-4311-9dcf-a1975216138b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**X)ع ]Ɋ& !X)ع F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=afacc404-14c3-444c-a1b9-cd12d163827e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arseX**p)ع ]Ɋ& !X)ع F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=afacc404-14c3-444c-a1b9-cd12d163827e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**h)ع ]Ɋ& !X)ع F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=afacc404-14c3-444c-a1b9-cd12d163827e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eqh**`)ع ]Ɋ& !X)ع F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=afacc404-14c3-444c-a1b9-cd12d163827e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`)ع ]Ɋ& !X)ع F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=afacc404-14c3-444c-a1b9-cd12d163827e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri`**`)ع ]Ɋ& !X)ع F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=afacc404-14c3-444c-a1b9-cd12d163827e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`ElfChnk`4Mu=VysMc&&**)ع ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !)ع F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=afacc404-14c3-444c-a1b9-cd12d163827e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=98983f8a-6b8a-4eb2-a054-8222a9b947cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**)ع ]Ɋ& !)ع F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=afacc404-14c3-444c-a1b9-cd12d163827e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=98983f8a-6b8a-4eb2-a054-8222a9b947cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 **(ع ]Ɋ& !Xع F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=38037f3a-1ec5-49ea-9637-5ba02b7239f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@ع ]Ɋ& !Xع F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=38037f3a-1ec5-49ea-9637-5ba02b7239f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@ع ]Ɋ& !Xع F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=38037f3a-1ec5-49ea-9637-5ba02b7239f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | @**8ع ]Ɋ& !Xع F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=38037f3a-1ec5-49ea-9637-5ba02b7239f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Se8**8ع ]Ɋ& !Xع F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=38037f3a-1ec5-49ea-9637-5ba02b7239f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS8**8ع ]Ɋ& !Xع F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=38037f3a-1ec5-49ea-9637-5ba02b7239f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H8**ع ]Ɋ& !ع F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=38037f3a-1ec5-49ea-9637-5ba02b7239f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=afe7db87-46a5-4b00-80d5-5d5e440abfac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si**V6ٹ ]Ɋ& !V6ٹ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=38037f3a-1ec5-49ea-9637-5ba02b7239f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=afe7db87-46a5-4b00-80d5-5d5e440abfac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obal**X۹ ]Ɋ& !X۹ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=347c9ba3-8198-47ff-b0c5-2c1c527fea67 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p۹ ]Ɋ& !X۹ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=347c9ba3-8198-47ff-b0c5-2c1c527fea67 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.p**p۹ ]Ɋ& !X۹ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=347c9ba3-8198-47ff-b0c5-2c1c527fea67 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e.pp**h۹ ]Ɋ& !X۹ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=347c9ba3-8198-47ff-b0c5-2c1c527fea67 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n.Ch**h۹ ]Ɋ& !X۹ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=347c9ba3-8198-47ff-b0c5-2c1c527fea67 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=655h**h۹ ]Ɋ& !X۹ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=347c9ba3-8198-47ff-b0c5-2c1c527fea67 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pah**۹ ]Ɋ&  !۹ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=347c9ba3-8198-47ff-b0c5-2c1c527fea67 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=df555f85-0e6f-44ce-958f-dec30d439894 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**۹ ]Ɋ& !۹ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=347c9ba3-8198-47ff-b0c5-2c1c527fea67 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=df555f85-0e6f-44ce-958f-dec30d439894 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**۹ ]Ɋ& '!X۹ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d7e2954b-d912-48cd-9e10-a605b33e88a6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**۹ ]Ɋ& ?!X۹ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d7e2954b-d912-48cd-9e10-a605b33e88a6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**۹ ]Ɋ& ;!X۹ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d7e2954b-d912-48cd-9e10-a605b33e88a6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**۹ ]Ɋ& 3!X۹ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d7e2954b-d912-48cd-9e10-a605b33e88a6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ati**۹ ]Ɋ& 3!X۹ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d7e2954b-d912-48cd-9e10-a605b33e88a6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**۹ ]Ɋ& 5!X۹ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d7e2954b-d912-48cd-9e10-a605b33e88a6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**0۹ ]Ɋ& !۹ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d7e2954b-d912-48cd-9e10-a605b33e88a6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b8cc2b90-68e2-41eb-9bcc-297457aa3607 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@F1ܹ ]Ɋ& !F1ܹ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d7e2954b-d912-48cd-9e10-a605b33e88a6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b8cc2b90-68e2-41eb-9bcc-297457aa3607 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stri@**@ ]Ɋ& )!X@ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=51d14da0-8873-4f11-949d-9dd4e6b399f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tanc**@ ]Ɋ& A!X@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=51d14da0-8873-4f11-949d-9dd4e6b399f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1-4f**@ ]Ɋ& =!X@ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=51d14da0-8873-4f11-949d-9dd4e6b399f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **@ ]Ɋ& 5!X@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=51d14da0-8873-4f11-949d-9dd4e6b399f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**@ ]Ɋ& 5!X@ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=51d14da0-8873-4f11-949d-9dd4e6b399f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@ ]Ɋ& 7!X@ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=51d14da0-8873-4f11-949d-9dd4e6b399f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0@ ]Ɋ& !@ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=51d14da0-8873-4f11-949d-9dd4e6b399f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6de56623-eb33-4f60-96da-70dcc90c0868 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m0**@m ]Ɋ& !m F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=51d14da0-8873-4f11-949d-9dd4e6b399f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6de56623-eb33-4f60-96da-70dcc90c0868 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P@**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a8314df1-650b-4e10-b44d-c3263fcd36d9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a8314df1-650b-4e10-b44d-c3263fcd36d9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=inep**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a8314df1-650b-4e10-b44d-c3263fcd36d9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Rh**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a8314df1-650b-4e10-b44d-c3263fcd36d9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`  ]Ɋ& !X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a8314df1-650b-4e10-b44d-c3263fcd36d9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I`**h  ]Ɋ& !X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a8314df1-650b-4e10-b44d-c3263fcd36d9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nameh**  ]Ɋ&  !  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a8314df1-650b-4e10-b44d-c3263fcd36d9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d06498c3-c4bc-4a61-9bff-2bd95cf7d3cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand** H ]Ɋ& !H  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a8314df1-650b-4e10-b44d-c3263fcd36d9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d06498c3-c4bc-4a61-9bff-2bd95cf7d3cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8 1 ]Ɋ& !X1  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2306757f-d00c-434d-8f0d-72f07465d7ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sc8**P1 ]Ɋ& !X1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2306757f-d00c-434d-8f0d-72f07465d7ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P1 ]Ɋ& !X1 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2306757f-d00c-434d-8f0d-72f07465d7ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== P**H1 ]Ɋ& !X1 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2306757f-d00c-434d-8f0d-72f07465d7ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eId=H**H1 ]Ɋ& !X1 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2306757f-d00c-434d-8f0d-72f07465d7ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d= H**H1 ]Ɋ& !X1 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2306757f-d00c-434d-8f0d-72f07465d7ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RH**1 ]Ɋ& !1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2306757f-d00c-434d-8f0d-72f07465d7ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c93fa8b0-6d00-4bde-8b3d-7d4febc1952e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= mmandName=  ]Ɋ& CommandPath= Comm1ElfChnkCCH\_GB /Mu=VysMc&&**1 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !1 F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2306757f-d00c-434d-8f0d-72f07465d7ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c93fa8b0-6d00-4bde-8b3d-7d4febc1952e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**X1 ]Ɋ& !X1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e9c7c968-6487-4856-8cce-7787e0d88de1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**p1 ]Ɋ& !X1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e9c7c968-6487-4856-8cce-7787e0d88de1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**h1 ]Ɋ& !X1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e9c7c968-6487-4856-8cce-7787e0d88de1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`1 ]Ɋ& !X1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e9c7c968-6487-4856-8cce-7787e0d88de1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`1 ]Ɋ& !X1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e9c7c968-6487-4856-8cce-7787e0d88de1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`1 ]Ɋ& !X1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e9c7c968-6487-4856-8cce-7787e0d88de1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**1 ]Ɋ& !1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e9c7c968-6487-4856-8cce-7787e0d88de1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cefb4527-ef56-4345-b316-e8a0a1fe019c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ذ**1 ]Ɋ& !1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e9c7c968-6487-4856-8cce-7787e0d88de1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cefb4527-ef56-4345-b316-e8a0a1fe019c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(y ]Ɋ& !Xy F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d819ead3-b02f-4448-894a-3df7ef89ac02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f(**@y ]Ɋ& !Xy F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d819ead3-b02f-4448-894a-3df7ef89ac02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@y ]Ɋ& !Xy F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d819ead3-b02f-4448-894a-3df7ef89ac02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8 y ]Ɋ& !Xy  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d819ead3-b02f-4448-894a-3df7ef89ac02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8!y ]Ɋ& !Xy! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d819ead3-b02f-4448-894a-3df7ef89ac02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8"y ]Ɋ& !Xy" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d819ead3-b02f-4448-894a-3df7ef89ac02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**#y ]Ɋ& !y# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d819ead3-b02f-4448-894a-3df7ef89ac02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=feb79c17-f83e-4db8-a037-66be6d6a2bbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **$^ ]Ɋ& !^$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d819ead3-b02f-4448-894a-3df7ef89ac02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=feb79c17-f83e-4db8-a037-66be6d6a2bbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**X%套 ]Ɋ& !X套% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=03f62a8b-bd53-4765-a82a-8a7e9f264cb8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p&套 ]Ɋ& !X套& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=03f62a8b-bd53-4765-a82a-8a7e9f264cb8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p'套 ]Ɋ& !X套' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=03f62a8b-bd53-4765-a82a-8a7e9f264cb8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**h(套 ]Ɋ& !X套( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=03f62a8b-bd53-4765-a82a-8a7e9f264cb8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**h)套 ]Ɋ& !X套) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=03f62a8b-bd53-4765-a82a-8a7e9f264cb8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**h*套 ]Ɋ& !X套* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=03f62a8b-bd53-4765-a82a-8a7e9f264cb8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**+套 ]Ɋ&  !套+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=03f62a8b-bd53-4765-a82a-8a7e9f264cb8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=06e3eddb-3124-484e-a8d4-75f1a630d8c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,{> ]Ɋ& !{>, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=03f62a8b-bd53-4765-a82a-8a7e9f264cb8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=06e3eddb-3124-484e-a8d4-75f1a630d8c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**-{> ]Ɋ& '!X{>- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6c194d3d-1830-4bbc-a68a-09ca76f3282d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **.{> ]Ɋ& ?!X{>. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6c194d3d-1830-4bbc-a68a-09ca76f3282d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**/{> ]Ɋ& ;!X{>/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6c194d3d-1830-4bbc-a68a-09ca76f3282d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**0{> ]Ɋ& 3!X{>0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6c194d3d-1830-4bbc-a68a-09ca76f3282d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **1{> ]Ɋ& 3!X{>1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6c194d3d-1830-4bbc-a68a-09ca76f3282d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**2{> ]Ɋ& 5!X{>2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6c194d3d-1830-4bbc-a68a-09ca76f3282d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**03{> ]Ɋ& !{>3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6c194d3d-1830-4bbc-a68a-09ca76f3282d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=85fc84ba-3e09-4b12-b7dd-ec2da0ee5af7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@4o ]Ɋ& !o4 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6c194d3d-1830-4bbc-a68a-09ca76f3282d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=85fc84ba-3e09-4b12-b7dd-ec2da0ee5af7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-70d@**5$T3 ]Ɋ& )!X$T35 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cfeeb506-0da4-4ec4-9130-fe785fce8a99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**6$T3 ]Ɋ& A!X$T36 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cfeeb506-0da4-4ec4-9130-fe785fce8a99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**7$T3 ]Ɋ& =!X$T37 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cfeeb506-0da4-4ec4-9130-fe785fce8a99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c3**8$T3 ]Ɋ& 5!X$T38 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cfeeb506-0da4-4ec4-9130-fe785fce8a99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**9$T3 ]Ɋ& 5!X$T39 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cfeeb506-0da4-4ec4-9130-fe785fce8a99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**:$T3 ]Ɋ& 7!X$T3: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cfeeb506-0da4-4ec4-9130-fe785fce8a99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0;$T3 ]Ɋ& !$T3; F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cfeeb506-0da4-4ec4-9130-fe785fce8a99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3449f4fc-b920-475d-8ec7-e2c1ce00e047 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@<UU3 ]Ɋ& !UU3< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cfeeb506-0da4-4ec4-9130-fe785fce8a99 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3449f4fc-b920-475d-8ec7-e2c1ce00e047 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**X=UU3 ]Ɋ& !XUU3= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7bbd444e-c4cc-46f9-bb19-d772d82c6cbd HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**p>UU3 ]Ɋ& !XUU3> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7bbd444e-c4cc-46f9-bb19-d772d82c6cbd HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h?UU3 ]Ɋ& !XUU3? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7bbd444e-c4cc-46f9-bb19-d772d82c6cbd HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`@UU3 ]Ɋ& !XUU3@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7bbd444e-c4cc-46f9-bb19-d772d82c6cbd HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`AUU3 ]Ɋ& !XUU3A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7bbd444e-c4cc-46f9-bb19-d772d82c6cbd HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**hBUU3 ]Ɋ& !XUU3B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7bbd444e-c4cc-46f9-bb19-d772d82c6cbd HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**CUU3 ]Ɋ&  !UU3C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7bbd444e-c4cc-46f9-bb19-d772d82c6cbd HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aff2b60f-8d22-4076-901f-e10e44d0b5c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!1 ]Ɋ& atUU3D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7bbd444e-c4cc-46f9-bb19-d772d82c6cbd HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aff2b60f-8d22-4076-901f-e10e44d0b5c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkDtDt@<]CuMu=VysMc&&**DUU3 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !UU3D F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7bbd444e-c4cc-46f9-bb19-d772d82c6cbd HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aff2b60f-8d22-4076-901f-e10e44d0b5c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8EU3 ]Ɋ& !XU3E F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a5643919-c03d-49dd-aeb1-e7df08beaf8b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=om8**PFU3 ]Ɋ& !XU3F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a5643919-c03d-49dd-aeb1-e7df08beaf8b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**PGU3 ]Ɋ& !XU3G F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a5643919-c03d-49dd-aeb1-e7df08beaf8b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaP**HHU3 ]Ɋ& !XU3H F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a5643919-c03d-49dd-aeb1-e7df08beaf8b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iptNH**HIU3 ]Ɋ& !XU3I F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a5643919-c03d-49dd-aeb1-e7df08beaf8b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTypH**HJU3 ]Ɋ& !XU3J F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a5643919-c03d-49dd-aeb1-e7df08beaf8b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**KU3 ]Ɋ& !U3K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a5643919-c03d-49dd-aeb1-e7df08beaf8b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5403764f-6c1c-4b92-8cfa-e515bd75597b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **LU3 ]Ɋ& !U3L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a5643919-c03d-49dd-aeb1-e7df08beaf8b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5403764f-6c1c-4b92-8cfa-e515bd75597b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XMU3 ]Ɋ& !XU3M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a694c807-173d-4477-a198-734931846db8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulX**pNU3 ]Ɋ& !XU3N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a694c807-173d-4477-a198-734931846db8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={ [p**hOU3 ]Ɋ& !XU3O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a694c807-173d-4477-a198-734931846db8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=94h**`PU3 ]Ɋ& !XU3P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a694c807-173d-4477-a198-734931846db8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rS`**`QU3 ]Ɋ& !XU3Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a694c807-173d-4477-a198-734931846db8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`RU3 ]Ɋ& !XU3R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a694c807-173d-4477-a198-734931846db8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**SU3 ]Ɋ& !U3S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a694c807-173d-4477-a198-734931846db8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bf9edbb0-733d-46fd-8415-ba1ec30b6990 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-**TU3 ]Ɋ& !U3T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a694c807-173d-4477-a198-734931846db8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bf9edbb0-733d-46fd-8415-ba1ec30b6990 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ure**(UV3 ]Ɋ& !XV3U F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=56128d55-1756-4682-8835-d57917d66f09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v(**@VV3 ]Ɋ& !XV3V F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=56128d55-1756-4682-8835-d57917d66f09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=K@**@WV3 ]Ɋ& !XV3W F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=56128d55-1756-4682-8835-d57917d66f09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=@**8XV3 ]Ɋ& !XV3X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=56128d55-1756-4682-8835-d57917d66f09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F8**8YV3 ]Ɋ& !XV3Y F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=56128d55-1756-4682-8835-d57917d66f09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam8**8ZV3 ]Ɋ& !XV3Z F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=56128d55-1756-4682-8835-d57917d66f09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Gl8**[V3 ]Ɋ& !V3[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=56128d55-1756-4682-8835-d57917d66f09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=dda401d2-d7fe-44a3-8f7a-e9b4a1ce550e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**\W3 ]Ɋ& !W3\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=56128d55-1756-4682-8835-d57917d66f09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=dda401d2-d7fe-44a3-8f7a-e9b4a1ce550e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tall**X]PX3 ]Ɋ& !XPX3] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=325147ef-806f-4b58-8f46-db6354e745e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\X**p^PX3 ]Ɋ& !XPX3^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=325147ef-806f-4b58-8f46-db6354e745e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\p**p_PX3 ]Ɋ& !XPX3_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=325147ef-806f-4b58-8f46-db6354e745e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=help**h`PX3 ]Ɋ& !XPX3` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=325147ef-806f-4b58-8f46-db6354e745e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ct h**haPX3 ]Ɋ& !XPX3a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=325147ef-806f-4b58-8f46-db6354e745e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n';h**hbPX3 ]Ɋ& !XPX3b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=325147ef-806f-4b58-8f46-db6354e745e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=([h**cPX3 ]Ɋ&  !PX3c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=325147ef-806f-4b58-8f46-db6354e745e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=988494a0-b941-47ba-b829-239e04e66d53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta**dxX3 ]Ɋ& !xX3d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=325147ef-806f-4b58-8f46-db6354e745e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=988494a0-b941-47ba-b829-239e04e66d53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omma**exX3 ]Ɋ& '!XxX3e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=98962571-715b-41cd-81b7-bb007d3a755d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**fxX3 ]Ɋ& ?!XxX3f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=98962571-715b-41cd-81b7-bb007d3a755d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**gxX3 ]Ɋ& ;!XxX3g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=98962571-715b-41cd-81b7-bb007d3a755d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt **hxX3 ]Ɋ& 3!XxX3h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=98962571-715b-41cd-81b7-bb007d3a755d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=**ixX3 ]Ɋ& 3!XxX3i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=98962571-715b-41cd-81b7-bb007d3a755d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**jxX3 ]Ɋ& 5!XxX3j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=98962571-715b-41cd-81b7-bb007d3a755d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0kxX3 ]Ɋ& !xX3k F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=98962571-715b-41cd-81b7-bb007d3a755d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5417e439-826a-4d9d-b06a-b8b0520148bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@lZ3 ]Ɋ& !Z3l F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=98962571-715b-41cd-81b7-bb007d3a755d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5417e439-826a-4d9d-b06a-b8b0520148bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w@**moZ ]Ɋ& )!XoZm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3f613ab1-de86-4f44-acfb-7a948620127d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nter**noZ ]Ɋ& A!XoZn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3f613ab1-de86-4f44-acfb-7a948620127d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lica**ooZ ]Ɋ& =!XoZo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3f613ab1-de86-4f44-acfb-7a948620127d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**poZ ]Ɋ& 5!XoZp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3f613ab1-de86-4f44-acfb-7a948620127d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**qoZ ]Ɋ& 5!XoZq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3f613ab1-de86-4f44-acfb-7a948620127d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Va**roZ ]Ɋ& 7!XoZr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3f613ab1-de86-4f44-acfb-7a948620127d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0soZ ]Ɋ& !oZs F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3f613ab1-de86-4f44-acfb-7a948620127d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cefda8b5-6463-4f20-8ff2-7b75b8244161 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@t ]Ɋ& !t F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3f613ab1-de86-4f44-acfb-7a948620127d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cefda8b5-6463-4f20-8ff2-7b75b8244161 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e44@b5c6 Pipel ]Ɋ& meXu F&e=ElfChnkuuH7sJ>Mu=VysMc&&**Xu ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ;!Xu F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=108f90c7-92cf-476c-ad3f-dccad4091b5b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pv ]Ɋ& !Xv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=108f90c7-92cf-476c-ad3f-dccad4091b5b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**hw ]Ɋ& !Xw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=108f90c7-92cf-476c-ad3f-dccad4091b5b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`x ]Ɋ& !Xx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=108f90c7-92cf-476c-ad3f-dccad4091b5b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`y ]Ɋ& !Xy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=108f90c7-92cf-476c-ad3f-dccad4091b5b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hz ]Ɋ& !Xz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=108f90c7-92cf-476c-ad3f-dccad4091b5b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h**{ ]Ɋ&  !{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=108f90c7-92cf-476c-ad3f-dccad4091b5b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bdc7a89f-3344-4c1c-a681-26e16f0c06d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=U3**|3$ ]Ɋ& !3$| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=108f90c7-92cf-476c-ad3f-dccad4091b5b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bdc7a89f-3344-4c1c-a681-26e16f0c06d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8}3$ ]Ɋ& !X3$} F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=af7280a1-1d6b-4a6e-9c48-5c56796742b9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P~3$ ]Ɋ& !X3$~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=af7280a1-1d6b-4a6e-9c48-5c56796742b9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P3$ ]Ɋ& !X3$ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=af7280a1-1d6b-4a6e-9c48-5c56796742b9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H3$ ]Ɋ& !X3$ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=af7280a1-1d6b-4a6e-9c48-5c56796742b9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PH**H3$ ]Ɋ& !X3$ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=af7280a1-1d6b-4a6e-9c48-5c56796742b9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=H**H3$ ]Ɋ& !X3$ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=af7280a1-1d6b-4a6e-9c48-5c56796742b9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**3$ ]Ɋ& !3$ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=af7280a1-1d6b-4a6e-9c48-5c56796742b9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7d7da27e-b078-46cc-a2c1-9603d38b13dc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=U**3$ ]Ɋ& !3$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=af7280a1-1d6b-4a6e-9c48-5c56796742b9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7d7da27e-b078-46cc-a2c1-9603d38b13dc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X3$ ]Ɋ& !X3$ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2ce46cdf-940c-4e55-b5ac-7c36853e03d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p3$ ]Ɋ& !X3$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2ce46cdf-940c-4e55-b5ac-7c36853e03d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**h3$ ]Ɋ& !X3$ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2ce46cdf-940c-4e55-b5ac-7c36853e03d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`3$ ]Ɋ& !X3$ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2ce46cdf-940c-4e55-b5ac-7c36853e03d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`3$ ]Ɋ& !X3$ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2ce46cdf-940c-4e55-b5ac-7c36853e03d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`3$ ]Ɋ& !X3$ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2ce46cdf-940c-4e55-b5ac-7c36853e03d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**3$ ]Ɋ& !3$ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2ce46cdf-940c-4e55-b5ac-7c36853e03d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d3662709-9ab2-4bb5-889b-b6ddf0475f37 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ɼ ]Ɋ& !ɼ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2ce46cdf-940c-4e55-b5ac-7c36853e03d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d3662709-9ab2-4bb5-889b-b6ddf0475f37 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(ɼ ]Ɋ& !Xɼ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0726ee1a-f098-49c0-ab58-94acb0a3f16f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@ɼ ]Ɋ& !Xɼ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0726ee1a-f098-49c0-ab58-94acb0a3f16f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@ɼ ]Ɋ& !Xɼ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0726ee1a-f098-49c0-ab58-94acb0a3f16f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8ɼ ]Ɋ& !Xɼ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0726ee1a-f098-49c0-ab58-94acb0a3f16f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8ɼ ]Ɋ& !Xɼ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0726ee1a-f098-49c0-ab58-94acb0a3f16f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==328**8ɼ ]Ɋ& !Xɼ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0726ee1a-f098-49c0-ab58-94acb0a3f16f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**ɼ ]Ɋ& !ɼ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0726ee1a-f098-49c0-ab58-94acb0a3f16f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ecea6414-0140-421f-b26f-ef6cb62ef6ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**`U ]Ɋ& !`U F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0726ee1a-f098-49c0-ab58-94acb0a3f16f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ecea6414-0140-421f-b26f-ef6cb62ef6ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**X蓑 ]Ɋ& !X蓑 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2fe9075d-72f6-4d39-a354-ba95efa01b31 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**p蓑 ]Ɋ& !X蓑 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2fe9075d-72f6-4d39-a354-ba95efa01b31 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**p蓑 ]Ɋ& !X蓑 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2fe9075d-72f6-4d39-a354-ba95efa01b31 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**h蓑 ]Ɋ& !X蓑 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2fe9075d-72f6-4d39-a354-ba95efa01b31 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**h蓑 ]Ɋ& !X蓑 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2fe9075d-72f6-4d39-a354-ba95efa01b31 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h蓑 ]Ɋ& !X蓑 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2fe9075d-72f6-4d39-a354-ba95efa01b31 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**蓑 ]Ɋ&  !蓑 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2fe9075d-72f6-4d39-a354-ba95efa01b31 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8c349a59-a292-4d2e-a051-ed77438c46c3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**} ]Ɋ& !} F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2fe9075d-72f6-4d39-a354-ba95efa01b31 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8c349a59-a292-4d2e-a051-ed77438c46c3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **} ]Ɋ& '!X} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0fd87a03-709e-46a2-9f06-97a33dcfcd71 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**} ]Ɋ& ?!X} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0fd87a03-709e-46a2-9f06-97a33dcfcd71 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**} ]Ɋ& ;!X} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0fd87a03-709e-46a2-9f06-97a33dcfcd71 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**} ]Ɋ& 3!X} F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0fd87a03-709e-46a2-9f06-97a33dcfcd71 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**} ]Ɋ& 3!X} F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0fd87a03-709e-46a2-9f06-97a33dcfcd71 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**} ]Ɋ& 5!X} F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0fd87a03-709e-46a2-9f06-97a33dcfcd71 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0} ]Ɋ& !} F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0fd87a03-709e-46a2-9f06-97a33dcfcd71 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=da0fc8fa-e862-4f90-96ee-67caf06a1b93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0fd87a03-709e-46a2-9f06-97a33dcfcd71 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=da0fc8fa-e862-4f90-96ee-67caf06a1b93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 @pelineId=  ]Ɋ& maX}U F&b5c6 Pipel ]Ɋ& meXu F&e=ElfChnkhP$StMu=VysMc&&**}U ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X}U F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8a868a5f-3297-4343-ba78-7b33b91cc279 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**}U ]Ɋ& A!X}U F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8a868a5f-3297-4343-ba78-7b33b91cc279 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**}U ]Ɋ& =!X}U F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8a868a5f-3297-4343-ba78-7b33b91cc279 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**}U ]Ɋ& 5!X}U F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8a868a5f-3297-4343-ba78-7b33b91cc279 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **}U ]Ɋ& 5!X}U F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8a868a5f-3297-4343-ba78-7b33b91cc279 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=10**}U ]Ɋ& 7!X}U F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8a868a5f-3297-4343-ba78-7b33b91cc279 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c**0}U ]Ɋ& !}U F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8a868a5f-3297-4343-ba78-7b33b91cc279 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed34a11a-8c5c-42b8-8723-692b264e753e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@ ]Ɋ& ! F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8a868a5f-3297-4343-ba78-7b33b91cc279 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed34a11a-8c5c-42b8-8723-692b264e753e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F@**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f83107b3-76c6-4c71-96e4-a3d981cea31e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f83107b3-76c6-4c71-96e4-a3d981cea31e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!p**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f83107b3-76c6-4c71-96e4-a3d981cea31e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f83107b3-76c6-4c71-96e4-a3d981cea31e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f83107b3-76c6-4c71-96e4-a3d981cea31e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f83107b3-76c6-4c71-96e4-a3d981cea31e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tarth** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f83107b3-76c6-4c71-96e4-a3d981cea31e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=742fae07-055d-4f3b-bfda-2ce07ed9881f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e ** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f83107b3-76c6-4c71-96e4-a3d981cea31e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=742fae07-055d-4f3b-bfda-2ce07ed9881f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mb**8 ]Ɋ& !X F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aecf0d52-f650-427e-9710-590cdbb7b6e3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne8**P ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aecf0d52-f650-427e-9710-590cdbb7b6e3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=P**P ]Ɋ& !X F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aecf0d52-f650-427e-9710-590cdbb7b6e3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtedP**H ]Ɋ& !X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aecf0d52-f650-427e-9710-590cdbb7b6e3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FuH**H ]Ɋ& !X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aecf0d52-f650-427e-9710-590cdbb7b6e3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**H ]Ɋ& !X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aecf0d52-f650-427e-9710-590cdbb7b6e3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**@ ]Ɋ& !@ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aecf0d52-f650-427e-9710-590cdbb7b6e3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ab40ef8b-b009-48a6-badc-2dd8c8e3c933 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**@ ]Ɋ& !@ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aecf0d52-f650-427e-9710-590cdbb7b6e3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ab40ef8b-b009-48a6-badc-2dd8c8e3c933 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X@ ]Ɋ& !X@ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3a6b73b2-6bf6-4162-a4db-3b40b709a8bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p@ ]Ɋ& !X@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3a6b73b2-6bf6-4162-a4db-3b40b709a8bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe= p**h@ ]Ɋ& !X@ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3a6b73b2-6bf6-4162-a4db-3b40b709a8bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`@ ]Ɋ& !X@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3a6b73b2-6bf6-4162-a4db-3b40b709a8bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt`**`@ ]Ɋ& !X@ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3a6b73b2-6bf6-4162-a4db-3b40b709a8bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`@ ]Ɋ& !X@ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3a6b73b2-6bf6-4162-a4db-3b40b709a8bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**@ ]Ɋ& !@ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3a6b73b2-6bf6-4162-a4db-3b40b709a8bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4033adef-ace2-4ed8-9b02-53a9c41a62ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **@ ]Ɋ& !@ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3a6b73b2-6bf6-4162-a4db-3b40b709a8bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4033adef-ace2-4ed8-9b02-53a9c41a62ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(@ ]Ɋ& !X@ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8a2a1a6f-939c-4c8b-b902-e99dca4d5487 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@@ ]Ɋ& !X@ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8a2a1a6f-939c-4c8b-b902-e99dca4d5487 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@@ ]Ɋ& !X@ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8a2a1a6f-939c-4c8b-b902-e99dca4d5487 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o('@**8@ ]Ɋ& !X@ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8a2a1a6f-939c-4c8b-b902-e99dca4d5487 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayV8**8@ ]Ɋ& !X@ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8a2a1a6f-939c-4c8b-b902-e99dca4d5487 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8@ ]Ɋ& !X@ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8a2a1a6f-939c-4c8b-b902-e99dca4d5487 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um8**@ ]Ɋ& !@ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8a2a1a6f-939c-4c8b-b902-e99dca4d5487 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d0892073-35f9-40f7-8ae2-571db3dab13d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**׷ ]Ɋ& !׷ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8a2a1a6f-939c-4c8b-b902-e99dca4d5487 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d0892073-35f9-40f7-8ae2-571db3dab13d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= **X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c14cf0db-1c04-47cc-8ab3-03f6702ec7c2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c14cf0db-1c04-47cc-8ab3-03f6702ec7c2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c14cf0db-1c04-47cc-8ab3-03f6702ec7c2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a59p**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c14cf0db-1c04-47cc-8ab3-03f6702ec7c2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c14cf0db-1c04-47cc-8ab3-03f6702ec7c2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c14cf0db-1c04-47cc-8ab3-03f6702ec7c2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c14cf0db-1c04-47cc-8ab3-03f6702ec7c2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1664a987-22ee-4409-a250-8e57a1220591 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **1 ]Ɋ& !1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c14cf0db-1c04-47cc-8ab3-03f6702ec7c2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1664a987-22ee-4409-a250-8e57a1220591 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hell**1 ]Ɋ& '!X1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=15250bf3-6f64-4687-aed1-64d4360a5319 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**1 ]Ɋ& ?!X1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=15250bf3-6f64-4687-aed1-64d4360a5319 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-a2-9f06-97a3 ]Ɋ& reX1 F&ame . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=da0fc8fa-e862-4f90-96ee-67caf06a1b93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 @pelineId=  ]Ɋ& maX}U F&b5c6 Pipel ]Ɋ& meXu F&e=ElfChnk @V R>Mu=VysMc&&** 1 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X1 F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=15250bf3-6f64-4687-aed1-64d4360a5319 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **1 ]Ɋ& 3!X1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=15250bf3-6f64-4687-aed1-64d4360a5319 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=}U**1 ]Ɋ& 3!X1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=15250bf3-6f64-4687-aed1-64d4360a5319 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3b9**1 ]Ɋ& 5!X1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=15250bf3-6f64-4687-aed1-64d4360a5319 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0Dz ]Ɋ& !Dz F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=15250bf3-6f64-4687-aed1-64d4360a5319 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d5537b74-da24-4219-99fe-ead73e3fc961 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@^K ]Ɋ& !^K F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=15250bf3-6f64-4687-aed1-64d4360a5319 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d5537b74-da24-4219-99fe-ead73e3fc961 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com@**  ]Ɋ& )!X  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdb29d-5cd9-459a-892e-7193959f2a19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **  ]Ɋ& A!X  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdb29d-5cd9-459a-892e-7193959f2a19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tSta**  ]Ɋ& =!X  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdb29d-5cd9-459a-892e-7193959f2a19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**  ]Ɋ& 5!X  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdb29d-5cd9-459a-892e-7193959f2a19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**  ]Ɋ& 5!X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdb29d-5cd9-459a-892e-7193959f2a19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ve**  ]Ɋ& 7!X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdb29d-5cd9-459a-892e-7193959f2a19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**0  ]Ɋ& !  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdb29d-5cd9-459a-892e-7193959f2a19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3c5723e5-2023-4249-888a-b257107b2bbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@ " ]Ɋ& ! " F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdb29d-5cd9-459a-892e-7193959f2a19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3c5723e5-2023-4249-888a-b257107b2bbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**X " ]Ɋ& !X " F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=670b7151-f92e-4d84-9a69-6083056c7456 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p " ]Ɋ& !X " F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=670b7151-f92e-4d84-9a69-6083056c7456 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h " ]Ɋ& !X " F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=670b7151-f92e-4d84-9a69-6083056c7456 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` " ]Ɋ& !X " F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=670b7151-f92e-4d84-9a69-6083056c7456 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**` " ]Ɋ& !X " F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=670b7151-f92e-4d84-9a69-6083056c7456 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h " ]Ɋ& !X " F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=670b7151-f92e-4d84-9a69-6083056c7456 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ailah** " ]Ɋ&  ! " F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=670b7151-f92e-4d84-9a69-6083056c7456 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5d7461cb-ad13-4a7f-b3e0-9567c359b4da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= New** " ]Ɋ& ! " F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=670b7151-f92e-4d84-9a69-6083056c7456 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5d7461cb-ad13-4a7f-b3e0-9567c359b4da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne**8 " ]Ɋ& !X " F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=62964928-8381-424b-9965-b9f6025e6f16 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P8**P " ]Ɋ& !X " F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=62964928-8381-424b-9965-b9f6025e6f16 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=SyP**P " ]Ɋ& !X " F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=62964928-8381-424b-9965-b9f6025e6f16 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**H " ]Ɋ& !X " F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=62964928-8381-424b-9965-b9f6025e6f16 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H " ]Ɋ& !X " F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=62964928-8381-424b-9965-b9f6025e6f16 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=XH**H " ]Ɋ& !X " F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=62964928-8381-424b-9965-b9f6025e6f16 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H** " ]Ɋ& ! " F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=62964928-8381-424b-9965-b9f6025e6f16 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=caa2cf74-1646-4a61-b4e2-7f2a398ee8fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** " ]Ɋ& ! " F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=62964928-8381-424b-9965-b9f6025e6f16 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=caa2cf74-1646-4a61-b4e2-7f2a398ee8fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X" ]Ɋ& !X" F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8a65c14b-a931-4467-b2b9-d4107295fdaf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p" ]Ɋ& !X" F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8a65c14b-a931-4467-b2b9-d4107295fdaf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**h" ]Ɋ& !X" F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8a65c14b-a931-4467-b2b9-d4107295fdaf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arh**`" ]Ɋ& !X" F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8a65c14b-a931-4467-b2b9-d4107295fdaf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=54`**`" ]Ɋ& !X" F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8a65c14b-a931-4467-b2b9-d4107295fdaf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed`**`" ]Ɋ& !X" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8a65c14b-a931-4467-b2b9-d4107295fdaf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**" ]Ɋ& !" F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8a65c14b-a931-4467-b2b9-d4107295fdaf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8f995818-8bed-4fce-aa85-674936c18bc5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**" ]Ɋ& !" F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8a65c14b-a931-4467-b2b9-d4107295fdaf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8f995818-8bed-4fce-aa85-674936c18bc5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0f7**(" ]Ɋ& !X" F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b33b8816-2178-4d7b-9888-cea41107487d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@" ]Ɋ& !X" F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b33b8816-2178-4d7b-9888-cea41107487d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='@**@" ]Ɋ& !X" F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b33b8816-2178-4d7b-9888-cea41107487d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ows@**8" ]Ɋ& !X" F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b33b8816-2178-4d7b-9888-cea41107487d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nso8**8" ]Ɋ& !X" F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b33b8816-2178-4d7b-9888-cea41107487d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8" ]Ɋ& !X" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b33b8816-2178-4d7b-9888-cea41107487d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pa8**" ]Ɋ& !" F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b33b8816-2178-4d7b-9888-cea41107487d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=bc1c277d-e558-4c3c-8543-c277ac9527fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**3;# ]Ɋ& !3;# F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b33b8816-2178-4d7b-9888-cea41107487d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=bc1c277d-e558-4c3c-8543-c277ac9527fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sher**X% ]Ɋ& !X% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e7ab198d-9fc7-403c-8b87-bfc5d35a1630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p% ]Ɋ& !X% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e7ab198d-9fc7-403c-8b87-bfc5d35a1630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**p% ]Ɋ& !X% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e7ab198d-9fc7-403c-8b87-bfc5d35a1630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insp**h% ]Ɋ& !X% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e7ab198d-9fc7-403c-8b87-bfc5d35a1630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edoh**h % ]Ɋ& !X%  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e7ab198d-9fc7-403c-8b87-bfc5d35a1630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= hɊ& ]Ɋ& X%  F&]Ɋ& meXu F&e=ElfChnk < <H{x`Mu=VysMc&&**p % ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!X%  F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e7ab198d-9fc7-403c-8b87-bfc5d35a1630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Xp ** % ]Ɋ&  !%  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e7ab198d-9fc7-403c-8b87-bfc5d35a1630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea08dab2-6996-4da1-85cd-cedf73e38380 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc** % ]Ɋ& !%  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e7ab198d-9fc7-403c-8b87-bfc5d35a1630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea08dab2-6996-4da1-85cd-cedf73e38380 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=atio** % ]Ɋ& '!X%  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8d9804eb-9318-4e31-8bb8-ce5675eeafd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=A**% ]Ɋ& ?!X% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8d9804eb-9318-4e31-8bb8-ce5675eeafd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5**% ]Ɋ& ;!X% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8d9804eb-9318-4e31-8bb8-ce5675eeafd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost**% ]Ɋ& 3!X% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8d9804eb-9318-4e31-8bb8-ce5675eeafd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**% ]Ɋ& 3!X% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8d9804eb-9318-4e31-8bb8-ce5675eeafd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t **% ]Ɋ& 5!X% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8d9804eb-9318-4e31-8bb8-ce5675eeafd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0% ]Ɋ& !% F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8d9804eb-9318-4e31-8bb8-ce5675eeafd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d61efc67-568a-4b86-8cee-70f1c5a2985d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=930**@$6& ]Ɋ& !$6& F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8d9804eb-9318-4e31-8bb8-ce5675eeafd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d61efc67-568a-4b86-8cee-70f1c5a2985d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**-t ]Ɋ& )!X-t F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c6f87397-a1c6-4808-b26b-7a5f95f75cc3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**-t ]Ɋ& A!X-t F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c6f87397-a1c6-4808-b26b-7a5f95f75cc3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**-t ]Ɋ& =!X-t F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c6f87397-a1c6-4808-b26b-7a5f95f75cc3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la**-t ]Ɋ& 5!X-t F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c6f87397-a1c6-4808-b26b-7a5f95f75cc3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**-t ]Ɋ& 5!X-t F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c6f87397-a1c6-4808-b26b-7a5f95f75cc3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**-t ]Ɋ& 7!X-t F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c6f87397-a1c6-4808-b26b-7a5f95f75cc3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**0-t ]Ɋ& !-t F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c6f87397-a1c6-4808-b26b-7a5f95f75cc3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b63e5288-d9f5-4344-9e08-12b6797963b9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b0**@Zu ]Ɋ& !Zu F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c6f87397-a1c6-4808-b26b-7a5f95f75cc3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b63e5288-d9f5-4344-9e08-12b6797963b9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X`v ]Ɋ& !X`v F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0444e163-240d-4307-beac-a843f21cf279 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p`v ]Ɋ& !X`v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0444e163-240d-4307-beac-a843f21cf279 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h`v ]Ɋ& !X`v F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0444e163-240d-4307-beac-a843f21cf279 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` `v ]Ɋ& !X`v  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0444e163-240d-4307-beac-a843f21cf279 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`!`v ]Ɋ& !X`v! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0444e163-240d-4307-beac-a843f21cf279 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h"`v ]Ɋ& !X`v" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0444e163-240d-4307-beac-a843f21cf279 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Vah**#`v ]Ɋ&  !`v# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0444e163-240d-4307-beac-a843f21cf279 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2531db38-0275-4891-bb41-d0565d0c39f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineS**$v ]Ɋ& !v$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0444e163-240d-4307-beac-a843f21cf279 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2531db38-0275-4891-bb41-d0565d0c39f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8%w ]Ɋ& !Xw% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1975ad6d-3864-4e3c-8b00-2710d55a155c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=am8**P&w ]Ɋ& !Xw& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1975ad6d-3864-4e3c-8b00-2710d55a155c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PP**P'w ]Ɋ& !Xw' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1975ad6d-3864-4e3c-8b00-2710d55a155c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSyP**H(w ]Ɋ& !Xw( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1975ad6d-3864-4e3c-8b00-2710d55a155c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**H)w ]Ɋ& !Xw) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1975ad6d-3864-4e3c-8b00-2710d55a155c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine="H**H*w ]Ɋ& !Xw* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1975ad6d-3864-4e3c-8b00-2710d55a155c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**+w ]Ɋ& !w+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1975ad6d-3864-4e3c-8b00-2710d55a155c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1b258969-c2cd-4d03-ad23-230687437afd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,w ]Ɋ& !w, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1975ad6d-3864-4e3c-8b00-2710d55a155c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1b258969-c2cd-4d03-ad23-230687437afd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X-*x ]Ɋ& !X*x- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=94df55c4-0de0-4ebb-baf0-a46b97ab81b0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p.*x ]Ɋ& !X*x. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=94df55c4-0de0-4ebb-baf0-a46b97ab81b0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**h/*x ]Ɋ& !X*x/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=94df55c4-0de0-4ebb-baf0-a46b97ab81b0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`0*x ]Ɋ& !X*x0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=94df55c4-0de0-4ebb-baf0-a46b97ab81b0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ps`**`1*x ]Ɋ& !X*x1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=94df55c4-0de0-4ebb-baf0-a46b97ab81b0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`2*x ]Ɋ& !X*x2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=94df55c4-0de0-4ebb-baf0-a46b97ab81b0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q`**3*x ]Ɋ& !*x3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=94df55c4-0de0-4ebb-baf0-a46b97ab81b0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=674ddbd3-5921-45ff-aed5-b116e3957aaa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**4*x ]Ɋ& !*x4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=94df55c4-0de0-4ebb-baf0-a46b97ab81b0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=674ddbd3-5921-45ff-aed5-b116e3957aaa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(5Jx ]Ɋ& !XJx5 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=272c2d79-e461-42aa-9420-52698236999a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@6Jx ]Ɋ& !XJx6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=272c2d79-e461-42aa-9420-52698236999a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S@**@7Jx ]Ɋ& !XJx7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=272c2d79-e461-42aa-9420-52698236999a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=etC@**88Jx ]Ɋ& !XJx8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=272c2d79-e461-42aa-9420-52698236999a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNa8**89Jx ]Ɋ& !XJx9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=272c2d79-e461-42aa-9420-52698236999a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8:Jx ]Ɋ& !XJx: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=272c2d79-e461-42aa-9420-52698236999a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**;Jx ]Ɋ& !Jx; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=272c2d79-e461-42aa-9420-52698236999a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7398a2d6-e763-4f4d-9d15-d4f369b734f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**<[y ]Ɋ& ![y< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=272c2d79-e461-42aa-9420-52698236999a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7398a2d6-e763-4f4d-9d15-d4f369b734f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== riptName=  ]Ɋ& Xs= F&X%  F&]Ɋ& meXu F&e=ElfChnk=n=nH QMu=VysMc&&**` =s ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ?!Xs= F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d3f10f38-1ee3-425a-9ced-cf42a9591169 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne` **p>s ]Ɋ& !Xs> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d3f10f38-1ee3-425a-9ced-cf42a9591169 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p?s ]Ɋ& !Xs? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d3f10f38-1ee3-425a-9ced-cf42a9591169 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pelp**h@s ]Ɋ& !Xs@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d3f10f38-1ee3-425a-9ced-cf42a9591169 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**hAs ]Ɋ& !XsA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d3f10f38-1ee3-425a-9ced-cf42a9591169 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hBs ]Ɋ& !XsB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d3f10f38-1ee3-425a-9ced-cf42a9591169 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**CW  ]Ɋ&  !W C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d3f10f38-1ee3-425a-9ced-cf42a9591169 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=caa0522d-5501-4463-a0a0-1b9a98877af7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**D ]Ɋ& !D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d3f10f38-1ee3-425a-9ced-cf42a9591169 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=caa0522d-5501-4463-a0a0-1b9a98877af7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**EG ]Ɋ& '!XGE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9df65cad-70bd-4815-828a-ccdfcfabdf76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**FG ]Ɋ& ?!XGF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9df65cad-70bd-4815-828a-ccdfcfabdf76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**GG ]Ɋ& ;!XGG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9df65cad-70bd-4815-828a-ccdfcfabdf76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8-b**HG ]Ɋ& 3!XGH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9df65cad-70bd-4815-828a-ccdfcfabdf76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**IG ]Ɋ& 3!XGI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9df65cad-70bd-4815-828a-ccdfcfabdf76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b26**JG ]Ɋ& 5!XGJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9df65cad-70bd-4815-828a-ccdfcfabdf76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**0KG ]Ɋ& !GK F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9df65cad-70bd-4815-828a-ccdfcfabdf76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a2a8e3d1-2b2b-41fa-a0c9-fd202cc96999 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ir0**@Lޟ ]Ɋ& !ޟL F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9df65cad-70bd-4815-828a-ccdfcfabdf76 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a2a8e3d1-2b2b-41fa-a0c9-fd202cc96999 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**M74y ]Ɋ& )!X74yM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e0a5774c-34cb-4a79-98e2-6d4cfe660cdc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**N74y ]Ɋ& A!X74yN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e0a5774c-34cb-4a79-98e2-6d4cfe660cdc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **O74y ]Ɋ& =!X74yO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e0a5774c-34cb-4a79-98e2-6d4cfe660cdc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uc**P74y ]Ɋ& 5!X74yP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e0a5774c-34cb-4a79-98e2-6d4cfe660cdc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cu**Q74y ]Ɋ& 5!X74yQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e0a5774c-34cb-4a79-98e2-6d4cfe660cdc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **R74y ]Ɋ& 7!X74yR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e0a5774c-34cb-4a79-98e2-6d4cfe660cdc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0S74y ]Ɋ& !74yS F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e0a5774c-34cb-4a79-98e2-6d4cfe660cdc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f62e1407-0e60-4558-b6b1-2b602ffbb1ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r0**@Ti5y ]Ɋ& !i5yT F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e0a5774c-34cb-4a79-98e2-6d4cfe660cdc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f62e1407-0e60-4558-b6b1-2b602ffbb1ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi@**XU6y ]Ɋ& !X6yU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0f50d548-a4f8-4e8c-a9b3-817a1f695650 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pV6y ]Ɋ& !X6yV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0f50d548-a4f8-4e8c-a9b3-817a1f695650 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Enp**hW6y ]Ɋ& !X6yW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0f50d548-a4f8-4e8c-a9b3-817a1f695650 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`X6y ]Ɋ& !X6yX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0f50d548-a4f8-4e8c-a9b3-817a1f695650 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v`**`Y6y ]Ɋ& !X6yY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0f50d548-a4f8-4e8c-a9b3-817a1f695650 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g`**hZ6y ]Ɋ& !X6yZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0f50d548-a4f8-4e8c-a9b3-817a1f695650 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovih**[6y ]Ɋ&  !6y[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0f50d548-a4f8-4e8c-a9b3-817a1f695650 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3449513d-65e8-47b9-98e9-4e49c65c3414 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**\6y ]Ɋ& !6y\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0f50d548-a4f8-4e8c-a9b3-817a1f695650 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3449513d-65e8-47b9-98e9-4e49c65c3414 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os**8]6y ]Ɋ& !X6y] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dc74c0e5-dec5-433e-85c7-523320e70cc8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eN8**P^6y ]Ɋ& !X6y^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dc74c0e5-dec5-433e-85c7-523320e70cc8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtP**P_6y ]Ɋ& !X6y_ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dc74c0e5-dec5-433e-85c7-523320e70cc8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=roviP**H`6y ]Ɋ& !X6y` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dc74c0e5-dec5-433e-85c7-523320e70cc8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ctioH**Ha6y ]Ɋ& !X6ya F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dc74c0e5-dec5-433e-85c7-523320e70cc8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iderH**Hb6y ]Ɋ& !X6yb F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dc74c0e5-dec5-433e-85c7-523320e70cc8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artH**c6y ]Ɋ& !6yc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dc74c0e5-dec5-433e-85c7-523320e70cc8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=52fb5742-d7e4-43b7-b89c-cbb8ff25360d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **d6y ]Ɋ& !6yd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dc74c0e5-dec5-433e-85c7-523320e70cc8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=52fb5742-d7e4-43b7-b89c-cbb8ff25360d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**XeC6y ]Ɋ& !XC6ye F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e6b79277-31bd-41ef-8f3b-473bc3878553 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5X**pfC6y ]Ɋ& !XC6yf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e6b79277-31bd-41ef-8f3b-473bc3878553 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommap**hgC6y ]Ɋ& !XC6yg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e6b79277-31bd-41ef-8f3b-473bc3878553 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**`hC6y ]Ɋ& !XC6yh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e6b79277-31bd-41ef-8f3b-473bc3878553 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m.`**`iC6y ]Ɋ& !XC6yi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e6b79277-31bd-41ef-8f3b-473bc3878553 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`jC6y ]Ɋ& !XC6yj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e6b79277-31bd-41ef-8f3b-473bc3878553 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**kC6y ]Ɋ& !C6yk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e6b79277-31bd-41ef-8f3b-473bc3878553 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d029efb2-ed02-4200-ab69-c950a5fcbbf2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**lC6y ]Ɋ& !C6yl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e6b79277-31bd-41ef-8f3b-473bc3878553 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d029efb2-ed02-4200-ab69-c950a5fcbbf2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(m27y ]Ɋ& !X27ym F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a2b09291-d817-45cf-99b0-2fe33a070d5b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@n27y ]Ɋ& !X27yn F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a2b09291-d817-45cf-99b0-2fe33a070d5b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @riptName=  ]Ɋ& X27yo F&X%  F&]Ɋ& meXu F&e=ElfChnkooPՅMu=VysMc&&**@ o27y ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!X27yo F&F%g>9{p(xlMD EventDatauoData !BinarypFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a2b09291-d817-45cf-99b0-2fe33a070d5b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@ **8p27y ]Ɋ& !X27yp F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a2b09291-d817-45cf-99b0-2fe33a070d5b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=llD8**8q27y ]Ɋ& !X27yq F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a2b09291-d817-45cf-99b0-2fe33a070d5b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8r27y ]Ɋ& !X27yr F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a2b09291-d817-45cf-99b0-2fe33a070d5b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**s27y ]Ɋ& !27ys F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a2b09291-d817-45cf-99b0-2fe33a070d5b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=38860cca-bb31-42ae-b9bb-7fdb87b0d550 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Re**tp7y ]Ɋ& !p7yt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a2b09291-d817-45cf-99b0-2fe33a070d5b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=38860cca-bb31-42ae-b9bb-7fdb87b0d550 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**Xu39y ]Ɋ& !X39yu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=78bb5248-937a-4622-bf87-a0409f6b47a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nX**pv39y ]Ɋ& !X39yv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=78bb5248-937a-4622-bf87-a0409f6b47a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pw39y ]Ɋ& !X39yw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=78bb5248-937a-4622-bf87-a0409f6b47a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pp**hx39y ]Ɋ& !X39yx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=78bb5248-937a-4622-bf87-a0409f6b47a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ch**hy39y ]Ɋ& !X39yy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=78bb5248-937a-4622-bf87-a0409f6b47a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hz39y ]Ɋ& !X39yz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=78bb5248-937a-4622-bf87-a0409f6b47a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**{39y ]Ɋ&  !39y{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=78bb5248-937a-4622-bf87-a0409f6b47a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=185cd053-6fa7-4629-830c-4a39cc4eda31 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**|-:y ]Ɋ& !-:y| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=78bb5248-937a-4622-bf87-a0409f6b47a3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=185cd053-6fa7-4629-830c-4a39cc4eda31 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ix -**}-:y ]Ɋ& '!X-:y} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4210abd8-ae88-471a-9b0d-13729d564ab6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**~-:y ]Ɋ& ?!X-:y~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4210abd8-ae88-471a-9b0d-13729d564ab6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**-:y ]Ɋ& ;!X-:y F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4210abd8-ae88-471a-9b0d-13729d564ab6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4a**-:y ]Ɋ& 3!X-:y F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4210abd8-ae88-471a-9b0d-13729d564ab6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****-:y ]Ɋ& 3!X-:y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4210abd8-ae88-471a-9b0d-13729d564ab6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a79**-:y ]Ɋ& 5!X-:y F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4210abd8-ae88-471a-9b0d-13729d564ab6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0-:y ]Ɋ& !-:y F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4210abd8-ae88-471a-9b0d-13729d564ab6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fac42c04-0e79-4d36-b96e-5ca726ead048 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne0**@^;y ]Ɋ& !^;y F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4210abd8-ae88-471a-9b0d-13729d564ab6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fac42c04-0e79-4d36-b96e-5ca726ead048 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@** ]Ɋ& )!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=97746236-d2a0-482b-8e7f-125d925ce351 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co** ]Ɋ& A!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=97746236-d2a0-482b-8e7f-125d925ce351 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId** ]Ɋ& =!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=97746236-d2a0-482b-8e7f-125d925ce351 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr** ]Ɋ& 5!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=97746236-d2a0-482b-8e7f-125d925ce351 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/** ]Ɋ& 5!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=97746236-d2a0-482b-8e7f-125d925ce351 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=56** ]Ɋ& 7!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=97746236-d2a0-482b-8e7f-125d925ce351 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**0 ]Ɋ& ! F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=97746236-d2a0-482b-8e7f-125d925ce351 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c16bcd52-6b17-4798-8d7d-ebf03218ef22 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@?. ]Ɋ& !?. F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=97746236-d2a0-482b-8e7f-125d925ce351 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c16bcd52-6b17-4798-8d7d-ebf03218ef22 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=New@**X?. ]Ɋ& !X?. F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e73861ac-f4cc-4cd3-bb4d-7d09f45c5bf3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p?. ]Ɋ& !X?. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e73861ac-f4cc-4cd3-bb4d-7d09f45c5bf3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h?. ]Ɋ& !X?. F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e73861ac-f4cc-4cd3-bb4d-7d09f45c5bf3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mh**`?. ]Ɋ& !X?. F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e73861ac-f4cc-4cd3-bb4d-7d09f45c5bf3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`?. ]Ɋ& !X?. F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e73861ac-f4cc-4cd3-bb4d-7d09f45c5bf3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**h?. ]Ɋ& !X?. F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e73861ac-f4cc-4cd3-bb4d-7d09f45c5bf3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPh**?. ]Ɋ&  !?. F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e73861ac-f4cc-4cd3-bb4d-7d09f45c5bf3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=773b93e9-0663-4518-9a6c-7ec98c3b6477 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**Ɯ ]Ɋ& !Ɯ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e73861ac-f4cc-4cd3-bb4d-7d09f45c5bf3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=773b93e9-0663-4518-9a6c-7ec98c3b6477 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8Ɯ ]Ɋ& !XƜ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=991268ec-0d1e-40d5-97c2-8e048358ad18 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ue8**PƜ ]Ɋ& !XƜ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=991268ec-0d1e-40d5-97c2-8e048358ad18 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==SP**PƜ ]Ɋ& !XƜ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=991268ec-0d1e-40d5-97c2-8e048358ad18 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPP**HƜ ]Ɋ& !XƜ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=991268ec-0d1e-40d5-97c2-8e048358ad18 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==FunH**HƜ ]Ɋ& !XƜ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=991268ec-0d1e-40d5-97c2-8e048358ad18 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProvH**HƜ ]Ɋ& !XƜ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=991268ec-0d1e-40d5-97c2-8e048358ad18 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eSH**Ɯ ]Ɋ& !Ɯ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=991268ec-0d1e-40d5-97c2-8e048358ad18 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6c1d3520-a2a2-4552-b2e4-3e634339f1fa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**Ɯ ]Ɋ& !Ɯ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=991268ec-0d1e-40d5-97c2-8e048358ad18 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6c1d3520-a2a2-4552-b2e4-3e634339f1fa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**XƜ ]Ɋ& !XƜ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cc25c86f-ac2d-453b-b97a-af705f34bb83 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7yX**pƜ ]Ɋ& !XƜ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cc25c86f-ac2d-453b-b97a-af705f34bb83 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**hƜ ]Ɋ& !XƜ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cc25c86f-ac2d-453b-b97a-af705f34bb83 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 h EngineVersi ]Ɋ&  XƜ F&CommandPath= CommandLine= @riptName=  ]Ɋ& X27yo F&X%  F&]Ɋ& meXu F&e=ElfChnkXoĶ xMu=VysMc&&**hƜ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!XƜ F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cc25c86f-ac2d-453b-b97a-af705f34bb83 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sioh**`Ɯ ]Ɋ& !XƜ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cc25c86f-ac2d-453b-b97a-af705f34bb83 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cu`**`Ɯ ]Ɋ& !XƜ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cc25c86f-ac2d-453b-b97a-af705f34bb83 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@`**Ɯ ]Ɋ& !Ɯ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cc25c86f-ac2d-453b-b97a-af705f34bb83 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0d237351-871d-4cb5-89dc-e872dd4bbcc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **l_ ]Ɋ& !l_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cc25c86f-ac2d-453b-b97a-af705f34bb83 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0d237351-871d-4cb5-89dc-e872dd4bbcc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**(l_ ]Ɋ& !Xl_ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=606d39a5-9325-42f8-8c94-4603a3d53cdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@l_ ]Ɋ& !Xl_ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=606d39a5-9325-42f8-8c94-4603a3d53cdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m@**@l_ ]Ɋ& !Xl_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=606d39a5-9325-42f8-8c94-4603a3d53cdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C@**8l_ ]Ɋ& !Xl_ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=606d39a5-9325-42f8-8c94-4603a3d53cdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8l_ ]Ɋ& !Xl_ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=606d39a5-9325-42f8-8c94-4603a3d53cdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8l_ ]Ɋ& !Xl_ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=606d39a5-9325-42f8-8c94-4603a3d53cdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE8**l_ ]Ɋ& !l_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=606d39a5-9325-42f8-8c94-4603a3d53cdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3f551e48-208e-4ef3-a17a-4ef7984f5c03 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=606d39a5-9325-42f8-8c94-4603a3d53cdb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3f551e48-208e-4ef3-a17a-4ef7984f5c03 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=295d256b-f43e-4427-8923-0f18577f1ed1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=295d256b-f43e-4427-8923-0f18577f1ed1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=295d256b-f43e-4427-8923-0f18577f1ed1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=295d256b-f43e-4427-8923-0f18577f1ed1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sth**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=295d256b-f43e-4427-8923-0f18577f1ed1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Seqh**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=295d256b-f43e-4427-8923-0f18577f1ed1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=42h** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=295d256b-f43e-4427-8923-0f18577f1ed1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d674ff5e-e7a4-422b-a908-a58123b8d3c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **]Z ]Ɋ& !]Z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=295d256b-f43e-4427-8923-0f18577f1ed1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d674ff5e-e7a4-422b-a908-a58123b8d3c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=base** ]Ɋ& '!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3ffee992-5a5a-451d-9c86-067dca8fd5ab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(** ]Ɋ& ?!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3ffee992-5a5a-451d-9c86-067dca8fd5ab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B** ]Ɋ& ;!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3ffee992-5a5a-451d-9c86-067dca8fd5ab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eVe** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3ffee992-5a5a-451d-9c86-067dca8fd5ab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=F** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3ffee992-5a5a-451d-9c86-067dca8fd5ab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ers** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3ffee992-5a5a-451d-9c86-067dca8fd5ab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3ffee992-5a5a-451d-9c86-067dca8fd5ab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=84abe217-ef40-4ef8-a981-5156d87bea7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8e0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3ffee992-5a5a-451d-9c86-067dca8fd5ab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=84abe217-ef40-4ef8-a981-5156d87bea7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed @**)' ]Ɋ& )!X)' F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a44e966e-c8d8-412f-b039-7bd935d2aa92 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**)' ]Ɋ& A!X)' F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a44e966e-c8d8-412f-b039-7bd935d2aa92 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**)' ]Ɋ& =!X)' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a44e966e-c8d8-412f-b039-7bd935d2aa92 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **)' ]Ɋ& 5!X)' F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a44e966e-c8d8-412f-b039-7bd935d2aa92 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**)' ]Ɋ& 5!X)' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a44e966e-c8d8-412f-b039-7bd935d2aa92 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**)' ]Ɋ& 7!X)' F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a44e966e-c8d8-412f-b039-7bd935d2aa92 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**0' ]Ɋ& !' F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a44e966e-c8d8-412f-b039-7bd935d2aa92 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=81f8aaac-017f-4607-9cad-c763e2a793ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@V' ]Ɋ& !V' F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a44e966e-c8d8-412f-b039-7bd935d2aa92 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=81f8aaac-017f-4607-9cad-c763e2a793ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==e7@**XV' ]Ɋ& !XV' F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6dad4d79-2a45-45ab-bc26-de427dddb41f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConX**pV' ]Ɋ& !XV' F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6dad4d79-2a45-45ab-bc26-de427dddb41f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVp**hV' ]Ɋ& !XV' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6dad4d79-2a45-45ab-bc26-de427dddb41f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Hh**`V' ]Ɋ& !XV' F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6dad4d79-2a45-45ab-bc26-de427dddb41f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8`**`V' ]Ɋ& !XV' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6dad4d79-2a45-45ab-bc26-de427dddb41f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5`**hV' ]Ɋ& !XV' F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6dad4d79-2a45-45ab-bc26-de427dddb41f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=358ah**V' ]Ɋ&  !V' F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6dad4d79-2a45-45ab-bc26-de427dddb41f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b09e9df0-4349-4684-96c5-1ffb5bba5edd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=us |**N' ]Ɋ& !N' F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6dad4d79-2a45-45ab-bc26-de427dddb41f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b09e9df0-4349-4684-96c5-1ffb5bba5edd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sE**8' ]Ɋ& !X' F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=44954dea-2e45-44ae-bcc9-98cbe74c2bcb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**P' ]Ɋ& !X' F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=44954dea-2e45-44ae-bcc9-98cbe74c2bcb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liP**P' ]Ɋ& !X' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=44954dea-2e45-44ae-bcc9-98cbe74c2bcb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=34bbP**H' ]Ɋ& !X' F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=44954dea-2e45-44ae-bcc9-98cbe74c2bcb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH]Ɋ& ]Ɋ& X' ElfChnkHBZ Mu=VysMc&&**H' ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!X' F&F%g>9{p(xlMD EventDatauoData !BinaryvRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=44954dea-2e45-44ae-bcc9-98cbe74c2bcb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mH**H' ]Ɋ& !X' F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=44954dea-2e45-44ae-bcc9-98cbe74c2bcb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**' ]Ɋ& !' F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=44954dea-2e45-44ae-bcc9-98cbe74c2bcb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0d037199-6a0e-4cd3-93b1-480be4ab2189 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**' ]Ɋ& !' F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=44954dea-2e45-44ae-bcc9-98cbe74c2bcb HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0d037199-6a0e-4cd3-93b1-480be4ab2189 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**X' ]Ɋ& !X' F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d4409fc1-1093-4226-862d-f52c210e2be7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**p' ]Ɋ& !X' F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d4409fc1-1093-4226-862d-f52c210e2be7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**h' ]Ɋ& !X' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d4409fc1-1093-4226-862d-f52c210e2be7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`' ]Ɋ& !X' F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d4409fc1-1093-4226-862d-f52c210e2be7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`' ]Ɋ& !X' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d4409fc1-1093-4226-862d-f52c210e2be7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`' ]Ɋ& !X' F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d4409fc1-1093-4226-862d-f52c210e2be7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**' ]Ɋ& !' F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d4409fc1-1093-4226-862d-f52c210e2be7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=245911e1-a32b-4b10-abcd-9d35260c1e62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**' ]Ɋ& !' F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d4409fc1-1093-4226-862d-f52c210e2be7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=245911e1-a32b-4b10-abcd-9d35260c1e62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(' ]Ɋ& !X' F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=75b69e88-ea0a-491f-b5be-fcdbb61f9bb7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c(**@' ]Ɋ& !X' F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=75b69e88-ea0a-491f-b5be-fcdbb61f9bb7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@' ]Ɋ& !X' F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=75b69e88-ea0a-491f-b5be-fcdbb61f9bb7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8' ]Ɋ& !X' F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=75b69e88-ea0a-491f-b5be-fcdbb61f9bb7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8' ]Ɋ& !X' F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=75b69e88-ea0a-491f-b5be-fcdbb61f9bb7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8' ]Ɋ& !X' F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=75b69e88-ea0a-491f-b5be-fcdbb61f9bb7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**G' ]Ɋ& !G' F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=75b69e88-ea0a-491f-b5be-fcdbb61f9bb7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=714ed5c5-ff50-4628-b52a-d70518d68c6f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **I' ]Ɋ& !I' F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=75b69e88-ea0a-491f-b5be-fcdbb61f9bb7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=714ed5c5-ff50-4628-b52a-d70518d68c6f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**XD' ]Ɋ& !XD' F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=acf211f7-8c72-44d3-bde9-d7d940dabbfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pD' ]Ɋ& !XD' F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=acf211f7-8c72-44d3-bde9-d7d940dabbfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pD' ]Ɋ& !XD' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=acf211f7-8c72-44d3-bde9-d7d940dabbfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**hD' ]Ɋ& !XD' F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=acf211f7-8c72-44d3-bde9-d7d940dabbfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**hD' ]Ɋ& !XD' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=acf211f7-8c72-44d3-bde9-d7d940dabbfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**hD' ]Ɋ& !XD' F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=acf211f7-8c72-44d3-bde9-d7d940dabbfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**D' ]Ɋ&  !D' F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=acf211f7-8c72-44d3-bde9-d7d940dabbfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7eea6069-8cb6-4109-b2be-9b8d1b3f2603 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**d' ]Ɋ& !d' F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=acf211f7-8c72-44d3-bde9-d7d940dabbfa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7eea6069-8cb6-4109-b2be-9b8d1b3f2603 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**' ]Ɋ& '!X' F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e0842d6e-0e30-4553-82d3-58c0b3af3dab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **' ]Ɋ& ?!X' F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e0842d6e-0e30-4553-82d3-58c0b3af3dab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**' ]Ɋ& ;!X' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e0842d6e-0e30-4553-82d3-58c0b3af3dab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**' ]Ɋ& 3!X' F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e0842d6e-0e30-4553-82d3-58c0b3af3dab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **' ]Ɋ& 3!X' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e0842d6e-0e30-4553-82d3-58c0b3af3dab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**' ]Ɋ& 5!X' F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e0842d6e-0e30-4553-82d3-58c0b3af3dab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0' ]Ɋ& !' F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e0842d6e-0e30-4553-82d3-58c0b3af3dab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=50822ad8-7387-4601-ae96-288b7c66bcf0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@?' ]Ɋ& !?' F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e0842d6e-0e30-4553-82d3-58c0b3af3dab HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=50822ad8-7387-4601-ae96-288b7c66bcf0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-c76@**UЋ ]Ɋ& )!XUЋ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=57a9b485-e1c2-4e72-a994-226c0119966c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**UЋ ]Ɋ& A!XUЋ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=57a9b485-e1c2-4e72-a994-226c0119966c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**UЋ ]Ɋ& =!XUЋ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=57a9b485-e1c2-4e72-a994-226c0119966c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de**UЋ ]Ɋ& 5!XUЋ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=57a9b485-e1c2-4e72-a994-226c0119966c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**UЋ ]Ɋ& 5!XUЋ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=57a9b485-e1c2-4e72-a994-226c0119966c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**UЋ ]Ɋ& 7!XUЋ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=57a9b485-e1c2-4e72-a994-226c0119966c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=V**0UЋ ]Ɋ& !UЋ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=57a9b485-e1c2-4e72-a994-226c0119966c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=14b98ccc-7762-46b0-90f8-9397e0badf15 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@цы ]Ɋ& !цы F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=57a9b485-e1c2-4e72-a994-226c0119966c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=14b98ccc-7762-46b0-90f8-9397e0badf15 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**Xцы ]Ɋ& !Xцы F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d4fe2251-a661-4954-a119-a14e03bf7898 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**pцы ]Ɋ& !Xцы F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d4fe2251-a661-4954-a119-a14e03bf7898 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**hцы ]Ɋ& !Xцы F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d4fe2251-a661-4954-a119-a14e03bf7898 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`цы ]Ɋ& !Xцы F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d4fe2251-a661-4954-a119-a14e03bf7898 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`цы ]Ɋ& !Xцы F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d4fe2251-a661-4954-a119-a14e03bf7898 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==` FH] ]Ɋ& Xцы F& ElfChnk22O,0Mu=VysMc&&**hцы ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! I!Xцы F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d4fe2251-a661-4954-a119-a14e03bf7898 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hҋ ]Ɋ&  !hҋ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d4fe2251-a661-4954-a119-a14e03bf7898 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d7a9a07-0c0b-435a-9ea2-1d44fc61366a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**hҋ ]Ɋ& !hҋ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d4fe2251-a661-4954-a119-a14e03bf7898 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d7a9a07-0c0b-435a-9ea2-1d44fc61366a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8hҋ ]Ɋ& !Xhҋ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b6dcdcfb-af85-4bbf-8b6f-0e81349992f1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Phҋ ]Ɋ& !Xhҋ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b6dcdcfb-af85-4bbf-8b6f-0e81349992f1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Phҋ ]Ɋ& !Xhҋ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b6dcdcfb-af85-4bbf-8b6f-0e81349992f1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&P**Hhҋ ]Ɋ& !Xhҋ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b6dcdcfb-af85-4bbf-8b6f-0e81349992f1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**H hҋ ]Ɋ& !Xhҋ  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b6dcdcfb-af85-4bbf-8b6f-0e81349992f1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLinH**H hҋ ]Ɋ& !Xhҋ  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b6dcdcfb-af85-4bbf-8b6f-0e81349992f1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= H** hҋ ]Ɋ& !hҋ  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b6dcdcfb-af85-4bbf-8b6f-0e81349992f1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d84918fe-c0be-4d88-9227-f4df690a04c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** hҋ ]Ɋ& !hҋ  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b6dcdcfb-af85-4bbf-8b6f-0e81349992f1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d84918fe-c0be-4d88-9227-f4df690a04c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X +Ӌ ]Ɋ& !X+Ӌ  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9fae5fb4-3281-47f7-bb93-b73ec8fca0e0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TypeX**p+Ӌ ]Ɋ& !X+Ӌ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9fae5fb4-3281-47f7-bb93-b73ec8fca0e0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| sep**h+Ӌ ]Ɋ& !X+Ӌ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9fae5fb4-3281-47f7-bb93-b73ec8fca0e0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`+Ӌ ]Ɋ& !X+Ӌ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9fae5fb4-3281-47f7-bb93-b73ec8fca0e0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l `**`+Ӌ ]Ɋ& !X+Ӌ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9fae5fb4-3281-47f7-bb93-b73ec8fca0e0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na`**`+Ӌ ]Ɋ& !X+Ӌ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9fae5fb4-3281-47f7-bb93-b73ec8fca0e0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**+Ӌ ]Ɋ& !+Ӌ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9fae5fb4-3281-47f7-bb93-b73ec8fca0e0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2ecc823b-4c8b-4113-9434-419f8fc47c04 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**+Ӌ ]Ɋ& !+Ӌ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9fae5fb4-3281-47f7-bb93-b73ec8fca0e0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2ecc823b-4c8b-4113-9434-419f8fc47c04 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptN**(+Ӌ ]Ɋ& !X+Ӌ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2c5c88e8-e323-4ff9-b486-55846ec5ab28 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p(**@+Ӌ ]Ɋ& !X+Ӌ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2c5c88e8-e323-4ff9-b486-55846ec5ab28 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**@+Ӌ ]Ɋ& !X+Ӌ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2c5c88e8-e323-4ff9-b486-55846ec5ab28 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e($@**8+Ӌ ]Ɋ& !X+Ӌ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2c5c88e8-e323-4ff9-b486-55846ec5ab28 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8+Ӌ ]Ɋ& !X+Ӌ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2c5c88e8-e323-4ff9-b486-55846ec5ab28 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stI8**8+Ӌ ]Ɋ& !X+Ӌ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2c5c88e8-e323-4ff9-b486-55846ec5ab28 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**+Ӌ ]Ɋ& !+Ӌ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2c5c88e8-e323-4ff9-b486-55846ec5ab28 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9a5c6cd3-3dde-4d47-adeb-cdfae1f64142 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=an**XՋ ]Ɋ& !XՋ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2c5c88e8-e323-4ff9-b486-55846ec5ab28 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9a5c6cd3-3dde-4d47-adeb-cdfae1f64142 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**X ً ]Ɋ& !X ً F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a0a8cd16-ed47-468f-8c84-0780368acb56 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**p ً ]Ɋ& !X ً F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a0a8cd16-ed47-468f-8c84-0780368acb56 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p ً ]Ɋ& !X ً F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a0a8cd16-ed47-468f-8c84-0780368acb56 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nfop**h ً ]Ɋ& !X ً  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a0a8cd16-ed47-468f-8c84-0780368acb56 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insh**h! ً ]Ɋ& !X ً! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a0a8cd16-ed47-468f-8c84-0780368acb56 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIdh**h" ً ]Ɋ& !X ً" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a0a8cd16-ed47-468f-8c84-0780368acb56 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omh**# ً ]Ɋ&  ! ً# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a0a8cd16-ed47-468f-8c84-0780368acb56 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bddbb92c-ae04-4414-a336-f0ed1582ffd7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$wڋ ]Ɋ& !wڋ$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a0a8cd16-ed47-468f-8c84-0780368acb56 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bddbb92c-ae04-4414-a336-f0ed1582ffd7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oleH**%9ۋ ]Ɋ& '!X9ۋ% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6b92006a-bafc-44bf-90fa-5c29cdfda3b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**&9ۋ ]Ɋ& ?!X9ۋ& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6b92006a-bafc-44bf-90fa-5c29cdfda3b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**'9ۋ ]Ɋ& ;!X9ۋ' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6b92006a-bafc-44bf-90fa-5c29cdfda3b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**(9ۋ ]Ɋ& 3!X9ۋ( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6b92006a-bafc-44bf-90fa-5c29cdfda3b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **)9ۋ ]Ɋ& 3!X9ۋ) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6b92006a-bafc-44bf-90fa-5c29cdfda3b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame***9ۋ ]Ɋ& 5!X9ۋ* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6b92006a-bafc-44bf-90fa-5c29cdfda3b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rs**0+9ۋ ]Ɋ& !9ۋ+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6b92006a-bafc-44bf-90fa-5c29cdfda3b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=99708748-85d4-4a09-88ca-4adafdccebb8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er0**@,fA܋ ]Ɋ& !fA܋, F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6b92006a-bafc-44bf-90fa-5c29cdfda3b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=99708748-85d4-4a09-88ca-4adafdccebb8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=adf1@**-4 ]Ɋ& )!X4- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b42b15ef-7cd0-4bb1-940d-9a0607ecb096 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=prod**.4 ]Ɋ& A!X4. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b42b15ef-7cd0-4bb1-940d-9a0607ecb096 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se**/4 ]Ɋ& =!X4/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b42b15ef-7cd0-4bb1-940d-9a0607ecb096 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=78**04 ]Ɋ& 5!X40 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b42b15ef-7cd0-4bb1-940d-9a0607ecb096 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**14 ]Ɋ& 5!X41 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b42b15ef-7cd0-4bb1-940d-9a0607ecb096 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**24 ]Ɋ& 7!X42 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b42b15ef-7cd0-4bb1-940d-9a0607ecb096 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk3b3bU[?IuMu=VysMc&&**83w͂ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !w͂3 F&F%g>9{p(xlMD EventDatauoData !BinarydAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b42b15ef-7cd0-4bb1-940d-9a0607ecb096 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=64115f3d-e003-4a11-b9fd-71627b2df8e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP8**@4f ]Ɋ& !f4 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b42b15ef-7cd0-4bb1-940d-9a0607ecb096 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=64115f3d-e003-4a11-b9fd-71627b2df8e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI@**X5 ]Ɋ& !X5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cb5d212d-b0f5-4d23-bb2f-800f4fdc8863 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspX**p6 ]Ɋ& !X6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cb5d212d-b0f5-4d23-bb2f-800f4fdc8863 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**h7 ]Ɋ& !X7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cb5d212d-b0f5-4d23-bb2f-800f4fdc8863 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ih**`8 ]Ɋ& !X8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cb5d212d-b0f5-4d23-bb2f-800f4fdc8863 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l`**`9 ]Ɋ& !X9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cb5d212d-b0f5-4d23-bb2f-800f4fdc8863 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**h: ]Ɋ& !X: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cb5d212d-b0f5-4d23-bb2f-800f4fdc8863 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Commh**; ]Ɋ&  !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cb5d212d-b0f5-4d23-bb2f-800f4fdc8863 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cc02299a-6388-48cc-b830-507d740f044f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**< ]Ɋ& !< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cb5d212d-b0f5-4d23-bb2f-800f4fdc8863 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cc02299a-6388-48cc-b830-507d740f044f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8= ]Ɋ& !X= F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0f5f26f7-7d1b-42b4-9ed3-6a526bdcb887 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me8**P> ]Ɋ& !X> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0f5f26f7-7d1b-42b4-9ed3-6a526bdcb887 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amP**P? ]Ɋ& !X? F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0f5f26f7-7d1b-42b4-9ed3-6a526bdcb887 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=andTP**H@ ]Ɋ& !X@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0f5f26f7-7d1b-42b4-9ed3-6a526bdcb887 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaH**HA ]Ɋ& !XA F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0f5f26f7-7d1b-42b4-9ed3-6a526bdcb887 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=elinH**HB ]Ɋ& !XB F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0f5f26f7-7d1b-42b4-9ed3-6a526bdcb887 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIH**C ]Ɋ& !C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0f5f26f7-7d1b-42b4-9ed3-6a526bdcb887 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8344bbde-ecda-4597-87e5-6a7171ff2e62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndN**D ]Ɋ& !D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0f5f26f7-7d1b-42b4-9ed3-6a526bdcb887 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8344bbde-ecda-4597-87e5-6a7171ff2e62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XE; ]Ɋ& !X;E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ebe01984-2f71-4da4-9f42-f5b8905e3936 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==2ecX**pF; ]Ɋ& !X;F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ebe01984-2f71-4da4-9f42-f5b8905e3936 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**hG; ]Ɋ& !X;G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ebe01984-2f71-4da4-9f42-f5b8905e3936 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=seh**`H; ]Ɋ& !X;H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ebe01984-2f71-4da4-9f42-f5b8905e3936 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0`**`I; ]Ɋ& !X;I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ebe01984-2f71-4da4-9f42-f5b8905e3936 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov`**`J; ]Ɋ& !X;J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ebe01984-2f71-4da4-9f42-f5b8905e3936 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**K; ]Ɋ& !;K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ebe01984-2f71-4da4-9f42-f5b8905e3936 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1fd31db4-6cea-4d90-a092-d6dd03697653 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**L; ]Ɋ& !;L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ebe01984-2f71-4da4-9f42-f5b8905e3936 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1fd31db4-6cea-4d90-a092-d6dd03697653 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ine**(M; ]Ɋ& !X;M F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8aab1406-76df-45b6-96cd-348515a4eb74 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@N; ]Ɋ& !X;N F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8aab1406-76df-45b6-96cd-348515a4eb74 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o@**@O; ]Ɋ& !X;O F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8aab1406-76df-45b6-96cd-348515a4eb74 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=spl@**8P; ]Ɋ& !X;P F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8aab1406-76df-45b6-96cd-348515a4eb74 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tur8**8Q; ]Ɋ& !X;Q F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8aab1406-76df-45b6-96cd-348515a4eb74 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta8**8R; ]Ɋ& !X;R F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8aab1406-76df-45b6-96cd-348515a4eb74 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**S; ]Ɋ& !;S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8aab1406-76df-45b6-96cd-348515a4eb74 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b8758e2e-20fa-416f-84e2-73afb0ab61ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru**T/ ]Ɋ& !/T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8aab1406-76df-45b6-96cd-348515a4eb74 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b8758e2e-20fa-416f-84e2-73afb0ab61ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion.**XU ]Ɋ& !XU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c304d8c4-906c-45b7-b8df-85e50e5b93e7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aX**pV ]Ɋ& !XV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c304d8c4-906c-45b7-b8df-85e50e5b93e7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=zp**pW ]Ɋ& !XW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c304d8c4-906c-45b7-b8df-85e50e5b93e7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tiep**hX ]Ɋ& !XX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c304d8c4-906c-45b7-b8df-85e50e5b93e7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInh**hY ]Ɋ& !XY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c304d8c4-906c-45b7-b8df-85e50e5b93e7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sorh**hZ ]Ɋ& !XZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c304d8c4-906c-45b7-b8df-85e50e5b93e7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**[ ]Ɋ&  ![ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c304d8c4-906c-45b7-b8df-85e50e5b93e7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a5433ef9-cf06-492a-adfd-dbdc6282062c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**\* ]Ɋ& !*\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c304d8c4-906c-45b7-b8df-85e50e5b93e7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a5433ef9-cf06-492a-adfd-dbdc6282062c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Var**]* ]Ɋ& '!X*] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0bfd214a-c874-436d-9a61-9f2c5ed5b554 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**^* ]Ɋ& ?!X*^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0bfd214a-c874-436d-9a61-9f2c5ed5b554 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**_* ]Ɋ& ;!X*_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0bfd214a-c874-436d-9a61-9f2c5ed5b554 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**`* ]Ɋ& 3!X*` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0bfd214a-c874-436d-9a61-9f2c5ed5b554 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wer**a* ]Ɋ& 3!X*a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0bfd214a-c874-436d-9a61-9f2c5ed5b554 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**b* ]Ɋ& 5!X*b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0bfd214a-c874-436d-9a61-9f2c5ed5b554 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-tFirewallPro ]Ɋ& 35*c F&d= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**24 ]Ɋ& 7!X42 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b42b15ef-7cd0-4bb1-940d-9a0607ecb096 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkccH|89nMu=VysMc&&**8 c* ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !*c F&F%g>9{p(xlMD EventDatauoData !BinarybAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0bfd214a-c874-436d-9a61-9f2c5ed5b554 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fae90d1e-c81c-46eb-a7ed-d3b257532d45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f-78 **@d[ ]Ɋ& ![d F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0bfd214a-c874-436d-9a61-9f2c5ed5b554 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fae90d1e-c81c-46eb-a7ed-d3b257532d45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Scri@**el6: ]Ɋ& )!Xl6:e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c9e9b06e-a1bc-446c-8a00-cb0cf68f965c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**fl6: ]Ɋ& A!Xl6:f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c9e9b06e-a1bc-446c-8a00-cb0cf68f965c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uct **gl6: ]Ɋ& =!Xl6:g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c9e9b06e-a1bc-446c-8a00-cb0cf68f965c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **hl6: ]Ɋ& 5!Xl6:h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c9e9b06e-a1bc-446c-8a00-cb0cf68f965c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=23**il6: ]Ɋ& 5!Xl6:i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c9e9b06e-a1bc-446c-8a00-cb0cf68f965c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**jl6: ]Ɋ& 7!Xl6:j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c9e9b06e-a1bc-446c-8a00-cb0cf68f965c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0kl6: ]Ɋ& !l6:k F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c9e9b06e-a1bc-446c-8a00-cb0cf68f965c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b001ed4c-c4ed-4c03-93a0-5d908759434b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@lg: ]Ɋ& !g:l F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c9e9b06e-a1bc-446c-8a00-cb0cf68f965c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b001ed4c-c4ed-4c03-93a0-5d908759434b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Lin@**Xmg: ]Ɋ& !Xg:m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=53a7e2b8-1105-440b-98db-599f7a4442ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=>X**png: ]Ɋ& !Xg:n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=53a7e2b8-1105-440b-98db-599f7a4442ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hog: ]Ɋ& !Xg:o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=53a7e2b8-1105-440b-98db-599f7a4442ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`pg: ]Ɋ& !Xg:p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=53a7e2b8-1105-440b-98db-599f7a4442ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`qg: ]Ɋ& !Xg:q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=53a7e2b8-1105-440b-98db-599f7a4442ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hrg: ]Ɋ& !Xg:r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=53a7e2b8-1105-440b-98db-599f7a4442ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**s/: ]Ɋ&  !/:s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=53a7e2b8-1105-440b-98db-599f7a4442ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e72b3ca5-3396-494a-8f5e-42e667454cbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**t/: ]Ɋ& !/:t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=53a7e2b8-1105-440b-98db-599f7a4442ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e72b3ca5-3396-494a-8f5e-42e667454cbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ar**8u/: ]Ɋ& !X/:u F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ce0be298-35c4-40af-9c90-6a4a96fccc99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pv/: ]Ɋ& !X/:v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ce0be298-35c4-40af-9c90-6a4a96fccc99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Pw/: ]Ɋ& !X/:w F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ce0be298-35c4-40af-9c90-6a4a96fccc99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!P**Hx/: ]Ɋ& !X/:x F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ce0be298-35c4-40af-9c90-6a4a96fccc99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hy/: ]Ɋ& !X/:y F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ce0be298-35c4-40af-9c90-6a4a96fccc99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hz/: ]Ɋ& !X/:z F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ce0be298-35c4-40af-9c90-6a4a96fccc99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**{/: ]Ɋ& !/:{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ce0be298-35c4-40af-9c90-6a4a96fccc99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31399741-4019-4752-9a82-5411ba38ab9f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|Ƙ: ]Ɋ& !Ƙ:| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ce0be298-35c4-40af-9c90-6a4a96fccc99 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31399741-4019-4752-9a82-5411ba38ab9f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**X}Ƙ: ]Ɋ& !XƘ:} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=108a5f92-54cf-4c4a-b54c-8ecd703e0d22 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p~Ƙ: ]Ɋ& !XƘ:~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=108a5f92-54cf-4c4a-b54c-8ecd703e0d22 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureIp**hƘ: ]Ɋ& !XƘ: F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=108a5f92-54cf-4c4a-b54c-8ecd703e0d22 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`Ƙ: ]Ɋ& !XƘ: F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=108a5f92-54cf-4c4a-b54c-8ecd703e0d22 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=14`**`Ƙ: ]Ɋ& !XƘ: F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=108a5f92-54cf-4c4a-b54c-8ecd703e0d22 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr`**`Ƙ: ]Ɋ& !XƘ: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=108a5f92-54cf-4c4a-b54c-8ecd703e0d22 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**Ƙ: ]Ɋ& !Ƙ: F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=108a5f92-54cf-4c4a-b54c-8ecd703e0d22 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1a7a713c-9c48-46ab-8618-f7380b30b620 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**Ƙ: ]Ɋ& !Ƙ: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=108a5f92-54cf-4c4a-b54c-8ecd703e0d22 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1a7a713c-9c48-46ab-8618-f7380b30b620 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= R**(Ƙ: ]Ɋ& !XƘ: F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=92192fb1-8aa0-4c0f-9f49-f740e41921da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l(**@Ƙ: ]Ɋ& !XƘ: F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=92192fb1-8aa0-4c0f-9f49-f740e41921da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p@**@Ƙ: ]Ɋ& !XƘ: F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=92192fb1-8aa0-4c0f-9f49-f740e41921da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=KLM@**8Ƙ: ]Ɋ& !XƘ: F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=92192fb1-8aa0-4c0f-9f49-f740e41921da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc8**8Ƙ: ]Ɋ& !XƘ: F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=92192fb1-8aa0-4c0f-9f49-f740e41921da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8Ƙ: ]Ɋ& !XƘ: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=92192fb1-8aa0-4c0f-9f49-f740e41921da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=558**\1: ]Ɋ& !\1: F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=92192fb1-8aa0-4c0f-9f49-f740e41921da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c36bbf8e-f2b7-4e58-b52c-a61b125a9c86 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']**ɓ: ]Ɋ& !ɓ: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=92192fb1-8aa0-4c0f-9f49-f740e41921da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c36bbf8e-f2b7-4e58-b52c-a61b125a9c86 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNam**X: ]Ɋ& !X: F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e371b6ee-0031-417e-9a82-26e85dde373f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=DX**p: ]Ɋ& !X: F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e371b6ee-0031-417e-9a82-26e85dde373f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p: ]Ɋ& !X: F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e371b6ee-0031-417e-9a82-26e85dde373f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n,Hp**h: ]Ɋ& !X: F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e371b6ee-0031-417e-9a82-26e85dde373f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_.ph**h: ]Ɋ& !X: F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e371b6ee-0031-417e-9a82-26e85dde373f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culh**h: ]Ɋ& !X: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e371b6ee-0031-417e-9a82-26e85dde373f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sh**: ]Ɋ&  !: F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e371b6ee-0031-417e-9a82-26e85dde373f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b61f281-a305-4499-9265-bc7b97a65c28 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**M,: ]Ɋ& !M,: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e371b6ee-0031-417e-9a82-26e85dde373f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b61f281-a305-4499-9265-bc7b97a65c28 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=35* ]Ɋ&  CXĖ: F&ommandPath= CommandLine=wP**24 ]Ɋ& 7!X42 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b42b15ef-7cd0-4bb1-940d-9a0607ecb096 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk(?6$c"NMu=VysMc&&** Ė: ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XĖ: F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2d248ce9-d9dd-4548-b3e9-668200fb571a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Ė: ]Ɋ& ?!XĖ: F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2d248ce9-d9dd-4548-b3e9-668200fb571a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Ė: ]Ɋ& ;!XĖ: F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2d248ce9-d9dd-4548-b3e9-668200fb571a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **Ė: ]Ɋ& 3!XĖ: F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2d248ce9-d9dd-4548-b3e9-668200fb571a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**Ė: ]Ɋ& 3!XĖ: F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2d248ce9-d9dd-4548-b3e9-668200fb571a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**Ė: ]Ɋ& 5!XĖ: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2d248ce9-d9dd-4548-b3e9-668200fb571a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**0Ė: ]Ɋ& !Ė: F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2d248ce9-d9dd-4548-b3e9-668200fb571a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c38e0b2f-886d-4735-9241-07181c3a8da8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==10**@z]: ]Ɋ& !z]: F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2d248ce9-d9dd-4548-b3e9-668200fb571a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c38e0b2f-886d-4735-9241-07181c3a8da8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= @**t ]Ɋ& )!Xt F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7b6241d6-3ae9-4582-91d3-fa4a28a705e9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**t ]Ɋ& A!Xt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7b6241d6-3ae9-4582-91d3-fa4a28a705e9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsta**t ]Ɋ& =!Xt F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7b6241d6-3ae9-4582-91d3-fa4a28a705e9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0b**t ]Ɋ& 5!Xt F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7b6241d6-3ae9-4582-91d3-fa4a28a705e9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**t ]Ɋ& 5!Xt F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7b6241d6-3ae9-4582-91d3-fa4a28a705e9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**t ]Ɋ& 7!Xt F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7b6241d6-3ae9-4582-91d3-fa4a28a705e9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0t ]Ɋ& !t F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7b6241d6-3ae9-4582-91d3-fa4a28a705e9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91c6a27c-b813-4ede-9778-371cf5a39034 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0**@u ]Ɋ& !u F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7b6241d6-3ae9-4582-91d3-fa4a28a705e9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91c6a27c-b813-4ede-9778-371cf5a39034 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**Xu ]Ɋ& !Xu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3efa07d1-be2b-4f06-8e98-b5e39c71810f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**pu ]Ɋ& !Xu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3efa07d1-be2b-4f06-8e98-b5e39c71810f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**hu ]Ɋ& !Xu F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3efa07d1-be2b-4f06-8e98-b5e39c71810f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`u ]Ɋ& !Xu F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3efa07d1-be2b-4f06-8e98-b5e39c71810f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**`u ]Ɋ& !Xu F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3efa07d1-be2b-4f06-8e98-b5e39c71810f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hu ]Ɋ& !Xu F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3efa07d1-be2b-4f06-8e98-b5e39c71810f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=/h**u ]Ɋ&  !u F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3efa07d1-be2b-4f06-8e98-b5e39c71810f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0bd19221-b378-4c6a-b6e0-8f5df94016bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**u ]Ɋ& !u F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3efa07d1-be2b-4f06-8e98-b5e39c71810f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0bd19221-b378-4c6a-b6e0-8f5df94016bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8^v ]Ɋ& !X^v F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdbe97-23fa-418c-a834-becd4aa6675e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P^v ]Ɋ& !X^v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdbe97-23fa-418c-a834-becd4aa6675e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ƘP**P^v ]Ɋ& !X^v F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdbe97-23fa-418c-a834-becd4aa6675e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stP**H^v ]Ɋ& !X^v F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdbe97-23fa-418c-a834-becd4aa6675e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**H^v ]Ɋ& !X^v F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdbe97-23fa-418c-a834-becd4aa6675e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**H^v ]Ɋ& !X^v F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdbe97-23fa-418c-a834-becd4aa6675e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ameH**^v ]Ɋ& !^v F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdbe97-23fa-418c-a834-becd4aa6675e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91985db6-1e47-440b-bb4f-12307d655630 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **^v ]Ɋ& !^v F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b7fdbe97-23fa-418c-a834-becd4aa6675e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91985db6-1e47-440b-bb4f-12307d655630 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X^v ]Ɋ& !X^v F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dc5ab88e-921e-46ba-8fcb-495e54aebdb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortX**p^v ]Ɋ& !X^v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dc5ab88e-921e-46ba-8fcb-495e54aebdb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=se.pp**h^v ]Ɋ& !X^v F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dc5ab88e-921e-46ba-8fcb-495e54aebdb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cah**`^v ]Ɋ& !X^v F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dc5ab88e-921e-46ba-8fcb-495e54aebdb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`^v ]Ɋ& !X^v F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dc5ab88e-921e-46ba-8fcb-495e54aebdb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`^v ]Ɋ& !X^v F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dc5ab88e-921e-46ba-8fcb-495e54aebdb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**^v ]Ɋ& !^v F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dc5ab88e-921e-46ba-8fcb-495e54aebdb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=83428feb-3d3a-42c4-bc16-defd5d78214c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R**^v ]Ɋ& !^v F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dc5ab88e-921e-46ba-8fcb-495e54aebdb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=83428feb-3d3a-42c4-bc16-defd5d78214c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obj**(-w ]Ɋ& !X-w F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=239c6a03-bd42-489f-8e4f-97f7e22a2723 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@-w ]Ɋ& !X-w F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=239c6a03-bd42-489f-8e4f-97f7e22a2723 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@-w ]Ɋ& !X-w F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=239c6a03-bd42-489f-8e4f-97f7e22a2723 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6e8@**8-w ]Ɋ& !X-w F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=239c6a03-bd42-489f-8e4f-97f7e22a2723 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8-w ]Ɋ& !X-w F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=239c6a03-bd42-489f-8e4f-97f7e22a2723 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tNa8**8-w ]Ɋ& !X-w F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=239c6a03-bd42-489f-8e4f-97f7e22a2723 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge8**-w ]Ɋ& !-w F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=239c6a03-bd42-489f-8e4f-97f7e22a2723 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c2e6107c-4600-448c-9deb-9a4e322d98d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=al**w ]Ɋ& !w F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=239c6a03-bd42-489f-8e4f-97f7e22a2723 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c2e6107c-4600-448c-9deb-9a4e322d98d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=432N**XOy ]Ɋ& !XOy F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=da27c533-e325-457d-add8-08c541e522fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EX**pOy ]Ɋ& !XOy F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=da27c533-e325-457d-add8-08c541e522fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pOy ]Ɋ& !XOy F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=da27c533-e325-457d-add8-08c541e522fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=pnsoleHost  ]Ɋ& d-XOy F&n=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk(}Mu=VysMc&&**h Oy ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!XOy F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=da27c533-e325-457d-add8-08c541e522fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **hOy ]Ɋ& !XOy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=da27c533-e325-457d-add8-08c541e522fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**hOy ]Ɋ& !XOy F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=da27c533-e325-457d-add8-08c541e522fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Ch**Oy ]Ɋ&  !Oy F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=da27c533-e325-457d-add8-08c541e522fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0a7f76f9-b74e-4c0f-9e2e-eff4a73c7034 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**(z ]Ɋ& !(z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=da27c533-e325-457d-add8-08c541e522fd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0a7f76f9-b74e-4c0f-9e2e-eff4a73c7034 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Inst**#} ]Ɋ& '!X#} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c5ca0969-57b1-4560-b001-c1737dc48fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=,**#} ]Ɋ& ?!X#} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c5ca0969-57b1-4560-b001-c1737dc48fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**#} ]Ɋ& ;!X#} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c5ca0969-57b1-4560-b001-c1737dc48fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nab**#} ]Ɋ& 3!X#} F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c5ca0969-57b1-4560-b001-c1737dc48fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**#} ]Ɋ& 3!X#} F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c5ca0969-57b1-4560-b001-c1737dc48fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ble**#} ]Ɋ& 5!X#} F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c5ca0969-57b1-4560-b001-c1737dc48fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ab**0#} ]Ɋ& !#} F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c5ca0969-57b1-4560-b001-c1737dc48fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=44f2a42b-682f-41bf-b684-a15a4ee94487 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns0**@U~ ]Ɋ& !U~ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c5ca0969-57b1-4560-b001-c1737dc48fbb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=44f2a42b-682f-41bf-b684-a15a4ee94487 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vide@**  ]Ɋ& )!X  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d6854033-def5-4fc1-8791-99a424dd8453 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**  ]Ɋ& A!X  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d6854033-def5-4fc1-8791-99a424dd8453 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**  ]Ɋ& =!X  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d6854033-def5-4fc1-8791-99a424dd8453 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**  ]Ɋ& 5!X  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d6854033-def5-4fc1-8791-99a424dd8453 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g **  ]Ɋ& 5!X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d6854033-def5-4fc1-8791-99a424dd8453 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na**  ]Ɋ& 7!X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d6854033-def5-4fc1-8791-99a424dd8453 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0  ]Ɋ& !  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d6854033-def5-4fc1-8791-99a424dd8453 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=230b6e33-e971-4d23-8e01-57d73a26305e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=30**@  ]Ɋ& !  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d6854033-def5-4fc1-8791-99a424dd8453 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=230b6e33-e971-4d23-8e01-57d73a26305e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C@**X  ]Ɋ& !X  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=658cb9d6-9082-41ae-a5c3-982dcea3528a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artX**p  ]Ɋ& !X  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=658cb9d6-9082-41ae-a5c3-982dcea3528a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceNp**h  ]Ɋ& !X  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=658cb9d6-9082-41ae-a5c3-982dcea3528a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`  ]Ɋ& !X  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=658cb9d6-9082-41ae-a5c3-982dcea3528a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**`  ]Ɋ& !X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=658cb9d6-9082-41ae-a5c3-982dcea3528a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s`**h  ]Ɋ& !X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=658cb9d6-9082-41ae-a5c3-982dcea3528a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 h**  ]Ɋ&  !  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=658cb9d6-9082-41ae-a5c3-982dcea3528a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b5f75eda-3a49-40b9-ac09-9efddc2fd827 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ppli**Sz  ]Ɋ& !Sz  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=658cb9d6-9082-41ae-a5c3-982dcea3528a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b5f75eda-3a49-40b9-ac09-9efddc2fd827 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**8Sz  ]Ɋ& !XSz  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c2bbb426-f4c2-4863-9046-63e28cb07176 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b-8**PSz  ]Ɋ& !XSz  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c2bbb426-f4c2-4863-9046-63e28cb07176 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8eP**PSz  ]Ɋ& !XSz  F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c2bbb426-f4c2-4863-9046-63e28cb07176 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HP**HSz  ]Ɋ& !XSz  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c2bbb426-f4c2-4863-9046-63e28cb07176 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tVerH**HSz  ]Ɋ& !XSz  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c2bbb426-f4c2-4863-9046-63e28cb07176 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leHoH**HSz  ]Ɋ& !XSz  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c2bbb426-f4c2-4863-9046-63e28cb07176 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stNH**Sz  ]Ɋ& !Sz  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c2bbb426-f4c2-4863-9046-63e28cb07176 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb7d824a-1195-4039-a958-83a8be97d5b3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsi**Sz  ]Ɋ& !Sz  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c2bbb426-f4c2-4863-9046-63e28cb07176 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb7d824a-1195-4039-a958-83a8be97d5b3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**XSz  ]Ɋ& !XSz  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=43ad4095-c61f-4cec-94e8-e44eb920aa81 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SX**pSz  ]Ɋ& !XSz  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=43ad4095-c61f-4cec-94e8-e44eb920aa81 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hSz  ]Ɋ& !XSz  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=43ad4095-c61f-4cec-94e8-e44eb920aa81 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**`Sz  ]Ɋ& !XSz  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=43ad4095-c61f-4cec-94e8-e44eb920aa81 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`Sz  ]Ɋ& !XSz  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=43ad4095-c61f-4cec-94e8-e44eb920aa81 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll`**`Sz  ]Ɋ& !XSz  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=43ad4095-c61f-4cec-94e8-e44eb920aa81 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**Sz  ]Ɋ& !Sz  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=43ad4095-c61f-4cec-94e8-e44eb920aa81 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=66c0ac89-7980-4a5b-920f-bc5616b25a44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**  ]Ɋ& !  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=43ad4095-c61f-4cec-94e8-e44eb920aa81 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=66c0ac89-7980-4a5b-920f-bc5616b25a44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uen**(  ]Ɋ& !X  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=532c918a-35f1-45c1-b73c-a7ee451c2b0e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t(**@  ]Ɋ& !X  F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=532c918a-35f1-45c1-b73c-a7ee451c2b0e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@  ]Ɋ& !X  F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=532c918a-35f1-45c1-b73c-a7ee451c2b0e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**8  ]Ɋ& !X  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=532c918a-35f1-45c1-b73c-a7ee451c2b0e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liz8**8  ]Ɋ& !X  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=532c918a-35f1-45c1-b73c-a7ee451c2b0e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin8**8  ]Ɋ& !X  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=532c918a-35f1-45c1-b73c-a7ee451c2b0e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8F& ElfChnk,,@:KWԹ Mu=VysMc&&**   ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! m!  F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=532c918a-35f1-45c1-b73c-a7ee451c2b0e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=57c99318-71a0-4ee8-b74d-7df0e00f1b3d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sio **  ]Ɋ& !  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=532c918a-35f1-45c1-b73c-a7ee451c2b0e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=57c99318-71a0-4ee8-b74d-7df0e00f1b3d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izat**XCu  ]Ɋ& !XCu  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=717799cd-8b40-4789-be4e-25017af2a0b5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**pCu  ]Ɋ& !XCu  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=717799cd-8b40-4789-be4e-25017af2a0b5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bp**pCu  ]Ɋ& !XCu  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=717799cd-8b40-4789-be4e-25017af2a0b5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=opep**hCu  ]Ɋ& !XCu  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=717799cd-8b40-4789-be4e-25017af2a0b5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ltuh**hCu  ]Ɋ& !XCu  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=717799cd-8b40-4789-be4e-25017af2a0b5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**hCu  ]Ɋ& !XCu  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=717799cd-8b40-4789-be4e-25017af2a0b5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Idh**Cu  ]Ɋ&  !Cu  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=717799cd-8b40-4789-be4e-25017af2a0b5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6abdbd82-d81c-41bc-a570-bdfd8203f7f6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=#}**p  ]Ɋ& !p  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=717799cd-8b40-4789-be4e-25017af2a0b5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6abdbd82-d81c-41bc-a570-bdfd8203f7f6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**p  ]Ɋ& '!Xp  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1effdd92-b155-4d3e-8996-9f3901645791 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**p  ]Ɋ& ?!Xp  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1effdd92-b155-4d3e-8996-9f3901645791 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**p  ]Ɋ& ;!Xp  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1effdd92-b155-4d3e-8996-9f3901645791 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**p  ]Ɋ& 3!Xp  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1effdd92-b155-4d3e-8996-9f3901645791 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p** p  ]Ɋ& 3!Xp   F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1effdd92-b155-4d3e-8996-9f3901645791 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** p  ]Ɋ& 5!Xp   F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1effdd92-b155-4d3e-8996-9f3901645791 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0 p  ]Ɋ& !p   F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1effdd92-b155-4d3e-8996-9f3901645791 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=809279a2-1171-447a-89a4-b560a7b36b58 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la0**@ ױ  ]Ɋ& !ױ   F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1effdd92-b155-4d3e-8996-9f3901645791 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=809279a2-1171-447a-89a4-b560a7b36b58 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng -@** =M  ]Ɋ& )!X=M   F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6e8e2d4f-4beb-4890-8d3a-84dfa6a18070 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**=M  ]Ɋ& A!X=M  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6e8e2d4f-4beb-4890-8d3a-84dfa6a18070 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ae-a**=M  ]Ɋ& =!X=M  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6e8e2d4f-4beb-4890-8d3a-84dfa6a18070 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**=M  ]Ɋ& 5!X=M  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6e8e2d4f-4beb-4890-8d3a-84dfa6a18070 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**=M  ]Ɋ& 5!X=M  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6e8e2d4f-4beb-4890-8d3a-84dfa6a18070 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**=M  ]Ɋ& 7!X=M  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6e8e2d4f-4beb-4890-8d3a-84dfa6a18070 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**0=M  ]Ɋ& !=M  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6e8e2d4f-4beb-4890-8d3a-84dfa6a18070 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=65dba4c2-657d-4b16-911e-c064c1a0bcc5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@jM  ]Ɋ& !jM  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6e8e2d4f-4beb-4890-8d3a-84dfa6a18070 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=65dba4c2-657d-4b16-911e-c064c1a0bcc5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pel@**XjM  ]Ɋ& !XjM  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=484c8ea5-e137-4351-a1fd-de3f4510d7fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RX**pjM  ]Ɋ& !XjM  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=484c8ea5-e137-4351-a1fd-de3f4510d7fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersp**hjM  ]Ɋ& !XjM  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=484c8ea5-e137-4351-a1fd-de3f4510d7fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ph**`jM  ]Ɋ& !XjM  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=484c8ea5-e137-4351-a1fd-de3f4510d7fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**`jM  ]Ɋ& !XjM  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=484c8ea5-e137-4351-a1fd-de3f4510d7fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hjM  ]Ɋ& !XjM  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=484c8ea5-e137-4351-a1fd-de3f4510d7fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**jM  ]Ɋ&  !jM  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=484c8ea5-e137-4351-a1fd-de3f4510d7fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=992ce900-79e4-4f9a-bc02-2d826b346160 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**M  ]Ɋ& !M  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=484c8ea5-e137-4351-a1fd-de3f4510d7fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=992ce900-79e4-4f9a-bc02-2d826b346160 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sz**8M  ]Ɋ& !XM  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3a8eec71-be42-40b8-836b-0b0b2d7f1abe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt8**PM  ]Ɋ& !XM  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3a8eec71-be42-40b8-836b-0b0b2d7f1abe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipP**PM  ]Ɋ& !XM  F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3a8eec71-be42-40b8-836b-0b0b2d7f1abe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CommP**H M  ]Ɋ& !XM   F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3a8eec71-be42-40b8-836b-0b0b2d7f1abe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H!M  ]Ɋ& !XM ! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3a8eec71-be42-40b8-836b-0b0b2d7f1abe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PipH**H"M  ]Ɋ& !XM " F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3a8eec71-be42-40b8-836b-0b0b2d7f1abe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspH**#M  ]Ɋ& !M # F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3a8eec71-be42-40b8-836b-0b0b2d7f1abe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dba889ad-966f-4167-9f2f-756cf60e36f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**$M  ]Ɋ& !M $ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3a8eec71-be42-40b8-836b-0b0b2d7f1abe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dba889ad-966f-4167-9f2f-756cf60e36f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**X%3M  ]Ɋ& !X3M % F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2841273d-bda4-4aa9-b764-6833e2992e77 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIdX**p&3M  ]Ɋ& !X3M & F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2841273d-bda4-4aa9-b764-6833e2992e77 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obalp**h'3M  ]Ɋ& !X3M ' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2841273d-bda4-4aa9-b764-6833e2992e77 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=x h**`(3M  ]Ɋ& !X3M ( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2841273d-bda4-4aa9-b764-6833e2992e77 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`)3M  ]Ɋ& !X3M ) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2841273d-bda4-4aa9-b764-6833e2992e77 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`*3M  ]Ɋ& !X3M * F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2841273d-bda4-4aa9-b764-6833e2992e77 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**+3M  ]Ɋ& !3M + F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2841273d-bda4-4aa9-b764-6833e2992e77 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=73b94c9f-5ed4-4cde-a54f-bbef8211714f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**,3M  ]Ɋ& !3M , F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2841273d-bda4-4aa9-b764-6833e2992e77 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=73b94c9f-5ed4-4cde-a54f-bbef8211714f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= EnneVersion=  ]Ɋ& maX3M - F&ndPath= CommandLine=8F& ElfChnk-]-]h%?Mu=VysMc&&**0 -3M  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X3M - F&F%g>9{p(xlMD EventDatauoData !Binary\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=483028df-3ca4-4791-85da-6e72fea2a92d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0 **@.3M  ]Ɋ& !X3M . F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=483028df-3ca4-4791-85da-6e72fea2a92d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P@**@/3M  ]Ɋ& !X3M / F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=483028df-3ca4-4791-85da-6e72fea2a92d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lue@**803M  ]Ɋ& !X3M 0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=483028df-3ca4-4791-85da-6e72fea2a92d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndo8**813M  ]Ɋ& !X3M 1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=483028df-3ca4-4791-85da-6e72fea2a92d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 8**823M  ]Ɋ& !X3M 2 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=483028df-3ca4-4791-85da-6e72fea2a92d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er8**33M  ]Ɋ& !3M 3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=483028df-3ca4-4791-85da-6e72fea2a92d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0e3eb75f-f9a3-430e-8ebc-1920bc40c210 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cu**4dM  ]Ɋ& !dM 4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=483028df-3ca4-4791-85da-6e72fea2a92d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0e3eb75f-f9a3-430e-8ebc-1920bc40c210 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **X5.M  ]Ɋ& !X.M 5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=65c672e7-720f-4e7d-82d8-e9163d0e0496 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pX**p6.M  ]Ɋ& !X.M 6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=65c672e7-720f-4e7d-82d8-e9163d0e0496 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**p7.M  ]Ɋ& !X.M 7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=65c672e7-720f-4e7d-82d8-e9163d0e0496 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rinp**h8.M  ]Ɋ& !X.M 8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=65c672e7-720f-4e7d-82d8-e9163d0e0496 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h9.M  ]Ɋ& !X.M 9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=65c672e7-720f-4e7d-82d8-e9163d0e0496 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipth**h:.M  ]Ɋ& !X.M : F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=65c672e7-720f-4e7d-82d8-e9163d0e0496 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**;.M  ]Ɋ&  !.M ; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=65c672e7-720f-4e7d-82d8-e9163d0e0496 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae45ade5-8e0b-41bf-98b5-f80bba6cf5b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eg**<M  ]Ɋ& !M < F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=65c672e7-720f-4e7d-82d8-e9163d0e0496 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae45ade5-8e0b-41bf-98b5-f80bba6cf5b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d92-**=_M  ]Ɋ& '!X_M = F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=51642ada-51dc-4fac-9427-dbf2c7be5406 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**>_M  ]Ɋ& ?!X_M > F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=51642ada-51dc-4fac-9427-dbf2c7be5406 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**?_M  ]Ɋ& ;!X_M ? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=51642ada-51dc-4fac-9427-dbf2c7be5406 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **@_M  ]Ɋ& 3!X_M @ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=51642ada-51dc-4fac-9427-dbf2c7be5406 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**A_M  ]Ɋ& 3!X_M A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=51642ada-51dc-4fac-9427-dbf2c7be5406 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **B_M  ]Ɋ& 5!X_M B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=51642ada-51dc-4fac-9427-dbf2c7be5406 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0C_M  ]Ɋ& !_M C F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=51642ada-51dc-4fac-9427-dbf2c7be5406 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=11d7d112-4fae-4ab7-b183-6b3898e2d381 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si0**@DKM  ]Ɋ& !KM D F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=51642ada-51dc-4fac-9427-dbf2c7be5406 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=11d7d112-4fae-4ab7-b183-6b3898e2d381 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**E(l ]Ɋ& )!X(lE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=76cde626-b193-4b6f-bc4c-310bad4d0948 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**F(l ]Ɋ& A!X(lF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=76cde626-b193-4b6f-bc4c-310bad4d0948 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**G(l ]Ɋ& =!X(lG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=76cde626-b193-4b6f-bc4c-310bad4d0948 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mI**H(l ]Ɋ& 5!X(lH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=76cde626-b193-4b6f-bc4c-310bad4d0948 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-e**I(l ]Ɋ& 5!X(lI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=76cde626-b193-4b6f-bc4c-310bad4d0948 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**J(l ]Ɋ& 7!X(lJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=76cde626-b193-4b6f-bc4c-310bad4d0948 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**0K(l ]Ɋ& !(lK F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=76cde626-b193-4b6f-bc4c-310bad4d0948 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb2009b3-2ed8-4e48-ba58-e89022eb2c65 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@L)Zl ]Ɋ& !)ZlL F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=76cde626-b193-4b6f-bc4c-310bad4d0948 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb2009b3-2ed8-4e48-ba58-e89022eb2c65 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XM)Zl ]Ɋ& !X)ZlM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6e6e2f96-8af3-4df6-a941-a13509517809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= X**pN)Zl ]Ɋ& !X)ZlN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6e6e2f96-8af3-4df6-a941-a13509517809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hO)Zl ]Ɋ& !X)ZlO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6e6e2f96-8af3-4df6-a941-a13509517809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`P)Zl ]Ɋ& !X)ZlP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6e6e2f96-8af3-4df6-a941-a13509517809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`Q)Zl ]Ɋ& !X)ZlQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6e6e2f96-8af3-4df6-a941-a13509517809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hR)Zl ]Ɋ& !X)ZlR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6e6e2f96-8af3-4df6-a941-a13509517809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**S)Zl ]Ɋ&  !)ZlS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6e6e2f96-8af3-4df6-a941-a13509517809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5262dd8a-43d2-4182-969a-e9977ec88e56 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=None**Tl ]Ɋ& !lT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6e6e2f96-8af3-4df6-a941-a13509517809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5262dd8a-43d2-4182-969a-e9977ec88e56 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**8UVl ]Ɋ& !XVlU F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=77053fad-ab1b-4953-898a-fd2649dfe982 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=%8**PVVl ]Ɋ& !XVlV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=77053fad-ab1b-4953-898a-fd2649dfe982 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PWVl ]Ɋ& !XVlW F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=77053fad-ab1b-4953-898a-fd2649dfe982 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HXVl ]Ɋ& !XVlX F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=77053fad-ab1b-4953-898a-fd2649dfe982 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HYVl ]Ɋ& !XVlY F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=77053fad-ab1b-4953-898a-fd2649dfe982 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HZVl ]Ɋ& !XVlZ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=77053fad-ab1b-4953-898a-fd2649dfe982 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**[Vl ]Ɋ& !Vl[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=77053fad-ab1b-4953-898a-fd2649dfe982 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=86dce833-48f3-4b2a-a011-fe052d5208fa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**\Vl ]Ɋ& !Vl\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=77053fad-ab1b-4953-898a-fd2649dfe982 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=86dce833-48f3-4b2a-a011-fe052d5208fa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X]#l ]Ɋ& !X#l] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dedcfa60-2b35-4992-863e-b453c6a1d9ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mandXne= En ]Ɋ& X#l^ F& F&ndPath= CommandLine=8F& ElfChnk^^@?^PSMu=VysMc&&**p^#l ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! Q!X#l^ F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dedcfa60-2b35-4992-863e-b453c6a1d9ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ip**h_#l ]Ɋ& !X#l_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dedcfa60-2b35-4992-863e-b453c6a1d9ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o]h**``#l ]Ɋ& !X#l` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dedcfa60-2b35-4992-863e-b453c6a1d9ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st`**`a#l ]Ɋ& !X#la F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dedcfa60-2b35-4992-863e-b453c6a1d9ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=28`**`b#l ]Ɋ& !X#lb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dedcfa60-2b35-4992-863e-b453c6a1d9ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**c#l ]Ɋ& !#lc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dedcfa60-2b35-4992-863e-b453c6a1d9ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=320490dc-90b9-4238-b6d6-e9618209b77e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**d#l ]Ɋ& !#ld F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dedcfa60-2b35-4992-863e-b453c6a1d9ac HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=320490dc-90b9-4238-b6d6-e9618209b77e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3**(e#l ]Ɋ& !X#le F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9e54fd00-0dcd-4cd4-b672-08442aad608a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N(**@f#l ]Ɋ& !X#lf F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9e54fd00-0dcd-4cd4-b672-08442aad608a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I@**@g#l ]Ɋ& !X#lg F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9e54fd00-0dcd-4cd4-b672-08442aad608a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sys@**8h#l ]Ɋ& !X#lh F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9e54fd00-0dcd-4cd4-b672-08442aad608a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8i#l ]Ɋ& !X#li F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9e54fd00-0dcd-4cd4-b672-08442aad608a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=App8**8j#l ]Ɋ& !X#lj F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9e54fd00-0dcd-4cd4-b672-08442aad608a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=un8**k#l ]Ɋ& !#lk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9e54fd00-0dcd-4cd4-b672-08442aad608a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=77ad393e-87ec-456e-8690-16cb42549556 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**ll ]Ɋ& !ll F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9e54fd00-0dcd-4cd4-b672-08442aad608a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=77ad393e-87ec-456e-8690-16cb42549556 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**Xm7l ]Ɋ& !X7lm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=756b9ca2-2208-45ce-ae92-49fa1d5aa2b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pn7l ]Ɋ& !X7ln F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=756b9ca2-2208-45ce-ae92-49fa1d5aa2b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ep**po7l ]Ɋ& !X7lo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=756b9ca2-2208-45ce-ae92-49fa1d5aa2b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthp**hp7l ]Ɋ& !X7lp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=756b9ca2-2208-45ce-ae92-49fa1d5aa2b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**hq7l ]Ɋ& !X7lq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=756b9ca2-2208-45ce-ae92-49fa1d5aa2b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hr7l ]Ɋ& !X7lr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=756b9ca2-2208-45ce-ae92-49fa1d5aa2b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**s7l ]Ɋ&  !7ls F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=756b9ca2-2208-45ce-ae92-49fa1d5aa2b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7fdeee4d-811a-43d8-ba3d-6da8246740ef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **tl ]Ɋ& !lt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=756b9ca2-2208-45ce-ae92-49fa1d5aa2b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7fdeee4d-811a-43d8-ba3d-6da8246740ef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4fa**udl ]Ɋ& '!Xdlu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c3c562d9-5631-4b35-83f7-3a382344547e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**vdl ]Ɋ& ?!Xdlv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c3c562d9-5631-4b35-83f7-3a382344547e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**wdl ]Ɋ& ;!Xdlw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c3c562d9-5631-4b35-83f7-3a382344547e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=que**xdl ]Ɋ& 3!Xdlx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c3c562d9-5631-4b35-83f7-3a382344547e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**ydl ]Ɋ& 3!Xdly F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c3c562d9-5631-4b35-83f7-3a382344547e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**zdl ]Ɋ& 5!Xdlz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c3c562d9-5631-4b35-83f7-3a382344547e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0{dl ]Ɋ& !dl{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c3c562d9-5631-4b35-83f7-3a382344547e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e47444de-f31e-461b-8360-f5c293c9a0de PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@|Jl ]Ɋ& !Jl| F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c3c562d9-5631-4b35-83f7-3a382344547e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e47444de-f31e-461b-8360-f5c293c9a0de PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== @**}i' ]Ɋ& )!Xi'} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=098607b5-74b6-4cde-99a5-5bf1242f952c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersi**~i' ]Ɋ& A!Xi'~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=098607b5-74b6-4cde-99a5-5bf1242f952c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**i' ]Ɋ& =!Xi' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=098607b5-74b6-4cde-99a5-5bf1242f952c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **i' ]Ɋ& 5!Xi' F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=098607b5-74b6-4cde-99a5-5bf1242f952c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f6**i' ]Ɋ& 5!Xi' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=098607b5-74b6-4cde-99a5-5bf1242f952c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**i' ]Ɋ& 7!Xi' F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=098607b5-74b6-4cde-99a5-5bf1242f952c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0i' ]Ɋ& !i' F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=098607b5-74b6-4cde-99a5-5bf1242f952c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9ebd193b-b28f-4831-9604-fcb37ca85b8e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v0**@( ]Ɋ& !( F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=098607b5-74b6-4cde-99a5-5bf1242f952c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9ebd193b-b28f-4831-9604-fcb37ca85b8e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X( ]Ɋ& !X( F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0a848eeb-7163-4ad9-a2bf-161fd9d54859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p( ]Ɋ& !X( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0a848eeb-7163-4ad9-a2bf-161fd9d54859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h( ]Ɋ& !X( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0a848eeb-7163-4ad9-a2bf-161fd9d54859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`( ]Ɋ& !X( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0a848eeb-7163-4ad9-a2bf-161fd9d54859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`( ]Ɋ& !X( F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0a848eeb-7163-4ad9-a2bf-161fd9d54859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h( ]Ɋ& !X( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0a848eeb-7163-4ad9-a2bf-161fd9d54859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**( ]Ɋ&  !( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0a848eeb-7163-4ad9-a2bf-161fd9d54859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2d7f762b-cf6b-47d4-b829-8f025faa0e9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wEng**'( ]Ɋ& !'( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0a848eeb-7163-4ad9-a2bf-161fd9d54859 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2d7f762b-cf6b-47d4-b829-8f025faa0e9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **8'( ]Ɋ& !X'( F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f909e3a7-2e4e-4614-8be6-a6e872a5fe1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**P'( ]Ɋ& !X'( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f909e3a7-2e4e-4614-8be6-a6e872a5fe1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PF& F&ndPath= CommandLine=8F& ElfChnk X}.MMu=VysMc&&**P'( ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! 1!X'( F&F%g>9{p(xlMD EventDatauoData !Binary~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f909e3a7-2e4e-4614-8be6-a6e872a5fe1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CP**H'( ]Ɋ& !X'( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f909e3a7-2e4e-4614-8be6-a6e872a5fe1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H'( ]Ɋ& !X'( F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f909e3a7-2e4e-4614-8be6-a6e872a5fe1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ScrH**H'( ]Ɋ& !X'( F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f909e3a7-2e4e-4614-8be6-a6e872a5fe1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manH**'( ]Ɋ& !'( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f909e3a7-2e4e-4614-8be6-a6e872a5fe1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=71b83bd8-b651-49ab-a9d7-e2aa648bc91b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**'( ]Ɋ& !'( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f909e3a7-2e4e-4614-8be6-a6e872a5fe1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=71b83bd8-b651-49ab-a9d7-e2aa648bc91b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**X'( ]Ɋ& !X'( F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5c5ded59-50e3-4901-8664-562b20ff5c1a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PipeX**p'( ]Ɋ& !X'( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5c5ded59-50e3-4901-8664-562b20ff5c1a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**h'( ]Ɋ& !X'( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5c5ded59-50e3-4901-8664-562b20ff5c1a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:Ph**`'( ]Ɋ& !X'( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5c5ded59-50e3-4901-8664-562b20ff5c1a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2a`**`'( ]Ɋ& !X'( F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5c5ded59-50e3-4901-8664-562b20ff5c1a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta`**`'( ]Ɋ& !X'( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5c5ded59-50e3-4901-8664-562b20ff5c1a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**'( ]Ɋ& !'( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5c5ded59-50e3-4901-8664-562b20ff5c1a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4ca366d8-85cd-471e-84b0-add7751dd72a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**'( ]Ɋ& !'( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5c5ded59-50e3-4901-8664-562b20ff5c1a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4ca366d8-85cd-471e-84b0-add7751dd72a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**(3) ]Ɋ& !X3) F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1c08336a-24d7-4816-ba3f-3223f20e811e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9(**@3) ]Ɋ& !X3) F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1c08336a-24d7-4816-ba3f-3223f20e811e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@3) ]Ɋ& !X3) F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1c08336a-24d7-4816-ba3f-3223f20e811e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l='@**83) ]Ɋ& !X3) F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1c08336a-24d7-4816-ba3f-3223f20e811e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Win8**83) ]Ɋ& !X3) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1c08336a-24d7-4816-ba3f-3223f20e811e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C8**83) ]Ɋ& !X3) F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1c08336a-24d7-4816-ba3f-3223f20e811e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**3) ]Ɋ& !3) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1c08336a-24d7-4816-ba3f-3223f20e811e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d39bcc46-aa4a-4686-902b-9b27e4bf6dde PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **T) ]Ɋ& !T) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1c08336a-24d7-4816-ba3f-3223f20e811e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d39bcc46-aa4a-4686-902b-9b27e4bf6dde PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=)))}**X* ]Ɋ& !X* F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=494c5344-3659-42d1-9ae9-d8ea40b2f42f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p* ]Ɋ& !X* F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=494c5344-3659-42d1-9ae9-d8ea40b2f42f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**p* ]Ɋ& !X* F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=494c5344-3659-42d1-9ae9-d8ea40b2f42f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=balp**h* ]Ɋ& !X* F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=494c5344-3659-42d1-9ae9-d8ea40b2f42f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-Sh**h* ]Ɋ& !X* F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=494c5344-3659-42d1-9ae9-d8ea40b2f42f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**h* ]Ɋ& !X* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=494c5344-3659-42d1-9ae9-d8ea40b2f42f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh*** ]Ɋ&  !* F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=494c5344-3659-42d1-9ae9-d8ea40b2f42f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27a80bee-c643-459e-b505-d6a150cfc3f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**+ ]Ɋ& !+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=494c5344-3659-42d1-9ae9-d8ea40b2f42f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27a80bee-c643-459e-b505-d6a150cfc3f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Seq**., ]Ɋ& '!X., F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2a589299-7b2a-4b31-9373-61333938b315 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**., ]Ɋ& ?!X., F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2a589299-7b2a-4b31-9373-61333938b315 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**., ]Ɋ& ;!X., F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2a589299-7b2a-4b31-9373-61333938b315 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**., ]Ɋ& 3!X., F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2a589299-7b2a-4b31-9373-61333938b315 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, **., ]Ɋ& 3!X., F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2a589299-7b2a-4b31-9373-61333938b315 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**., ]Ɋ& 5!X., F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2a589299-7b2a-4b31-9373-61333938b315 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| **0., ]Ɋ& !., F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2a589299-7b2a-4b31-9373-61333938b315 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=75d5d007-9ee8-4021-964b-2b20c1b206fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ou0**@E, ]Ɋ& !E, F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2a589299-7b2a-4b31-9373-61333938b315 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=75d5d007-9ee8-4021-964b-2b20c1b206fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId@**t\- ]Ɋ& )!Xt\- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9f633235-40f1-49b4-912a-7b21144786fe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**t\- ]Ɋ& A!Xt\- F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9f633235-40f1-49b4-912a-7b21144786fe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=shel**t\- ]Ɋ& =!Xt\- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9f633235-40f1-49b4-912a-7b21144786fe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**t\- ]Ɋ& 5!Xt\- F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9f633235-40f1-49b4-912a-7b21144786fe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**t\- ]Ɋ& 5!Xt\- F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9f633235-40f1-49b4-912a-7b21144786fe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**t\- ]Ɋ& 7!Xt\- F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9f633235-40f1-49b4-912a-7b21144786fe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0t\- ]Ɋ& !t\- F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9f633235-40f1-49b4-912a-7b21144786fe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6ecfe8f-81ea-43e9-9b0e-3f308d31a1b7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@- ]Ɋ& !- F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9f633235-40f1-49b4-912a-7b21144786fe HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6ecfe8f-81ea-43e9-9b0e-3f308d31a1b7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rip@**X- ]Ɋ& !X- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c5745dd4-72d7-49a4-9f69-255ecbe98d84 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a0eX**p- ]Ɋ& !X- F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c5745dd4-72d7-49a4-9f69-255ecbe98d84 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNap**h- ]Ɋ& !X- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c5745dd4-72d7-49a4-9f69-255ecbe98d84 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& X- F&dLine=8F& ElfChnk(m@GpMu=VysMc&&**h- ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!X- F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c5745dd4-72d7-49a4-9f69-255ecbe98d84 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='(h**`- ]Ɋ& !X- F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c5745dd4-72d7-49a4-9f69-255ecbe98d84 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h- ]Ɋ& !X- F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c5745dd4-72d7-49a4-9f69-255ecbe98d84 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**- ]Ɋ&  !- F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c5745dd4-72d7-49a4-9f69-255ecbe98d84 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a3336796-a79a-432d-9a1c-3e83893bfe53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**- ]Ɋ& !- F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c5745dd4-72d7-49a4-9f69-255ecbe98d84 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a3336796-a79a-432d-9a1c-3e83893bfe53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**87&- ]Ɋ& !X7&- F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=59803d09-723b-4175-958e-843325dccf1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P7&- ]Ɋ& !X7&- F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=59803d09-723b-4175-958e-843325dccf1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P7&- ]Ɋ& !X7&- F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=59803d09-723b-4175-958e-843325dccf1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H7&- ]Ɋ& !X7&- F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=59803d09-723b-4175-958e-843325dccf1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H7&- ]Ɋ& !X7&- F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=59803d09-723b-4175-958e-843325dccf1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H7&- ]Ɋ& !X7&- F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=59803d09-723b-4175-958e-843325dccf1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**7&- ]Ɋ& !7&- F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=59803d09-723b-4175-958e-843325dccf1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0f0b697f-621e-4eea-8e67-4515766f9f7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**7&- ]Ɋ& !7&- F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=59803d09-723b-4175-958e-843325dccf1e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0f0b697f-621e-4eea-8e67-4515766f9f7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X7&- ]Ɋ& !X7&- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6c48f30b-2dd0-45b2-b51a-808ef46b5091 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanX**p7&- ]Ɋ& !X7&- F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6c48f30b-2dd0-45b2-b51a-808ef46b5091 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ep**h7&- ]Ɋ& !X7&- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6c48f30b-2dd0-45b2-b51a-808ef46b5091 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Glh**`7&- ]Ɋ& !X7&- F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6c48f30b-2dd0-45b2-b51a-808ef46b5091 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`7&- ]Ɋ& !X7&- F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6c48f30b-2dd0-45b2-b51a-808ef46b5091 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`7&- ]Ɋ& !X7&- F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6c48f30b-2dd0-45b2-b51a-808ef46b5091 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**7&- ]Ɋ& !7&- F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6c48f30b-2dd0-45b2-b51a-808ef46b5091 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9434d4c9-aa19-4f4c-b2bf-3528eeff9c19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**7&- ]Ɋ& !7&- F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6c48f30b-2dd0-45b2-b51a-808ef46b5091 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9434d4c9-aa19-4f4c-b2bf-3528eeff9c19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**(7&- ]Ɋ& !X7&- F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c24f084b-a3f5-40ce-98af-0c2acbd206b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@7&- ]Ɋ& !X7&- F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c24f084b-a3f5-40ce-98af-0c2acbd206b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@**@7&- ]Ɋ& !X7&- F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c24f084b-a3f5-40ce-98af-0c2acbd206b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ins@**87&- ]Ɋ& !X7&- F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c24f084b-a3f5-40ce-98af-0c2acbd206b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ode8**87&- ]Ɋ& !X7&- F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c24f084b-a3f5-40ce-98af-0c2acbd206b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9ae8**87&- ]Ɋ& !X7&- F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c24f084b-a3f5-40ce-98af-0c2acbd206b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S8**7&- ]Ɋ& !7&- F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c24f084b-a3f5-40ce-98af-0c2acbd206b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3eed7f35-0442-4b55-842c-a971dfed026c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ξ- ]Ɋ& !ξ- F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c24f084b-a3f5-40ce-98af-0c2acbd206b0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3eed7f35-0442-4b55-842c-a971dfed026c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **X- ]Ɋ& !X- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c64ba68e-e561-4895-8ddd-c5b47c32dd41 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p- ]Ɋ& !X- F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c64ba68e-e561-4895-8ddd-c5b47c32dd41 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p- ]Ɋ& !X- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c64ba68e-e561-4895-8ddd-c5b47c32dd41 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tedp**h- ]Ɋ& !X- F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c64ba68e-e561-4895-8ddd-c5b47c32dd41 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**h- ]Ɋ& !X- F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c64ba68e-e561-4895-8ddd-c5b47c32dd41 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**h- ]Ɋ& !X- F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c64ba68e-e561-4895-8ddd-c5b47c32dd41 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**- ]Ɋ&  !- F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c64ba68e-e561-4895-8ddd-c5b47c32dd41 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4c9a0508-8a49-4089-829e-063b56fc467f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **(!- ]Ɋ& !(!- F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c64ba68e-e561-4895-8ddd-c5b47c32dd41 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4c9a0508-8a49-4089-829e-063b56fc467f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 **(!- ]Ɋ& '!X(!- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c6641a36-e3e6-4c36-a05e-b9ff764ce8e2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**(!- ]Ɋ& ?!X(!- F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c6641a36-e3e6-4c36-a05e-b9ff764ce8e2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**(!- ]Ɋ& ;!X(!- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c6641a36-e3e6-4c36-a05e-b9ff764ce8e2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**(!- ]Ɋ& 3!X(!- F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c6641a36-e3e6-4c36-a05e-b9ff764ce8e2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pac**(!- ]Ɋ& 3!X(!- F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c6641a36-e3e6-4c36-a05e-b9ff764ce8e2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS**(!- ]Ɋ& 5!X(!- F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c6641a36-e3e6-4c36-a05e-b9ff764ce8e2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**0(!- ]Ɋ& !(!- F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c6641a36-e3e6-4c36-a05e-b9ff764ce8e2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=deb87bc1-b8cb-442d-b710-315c6cdd34d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@- ]Ɋ& !- F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c6641a36-e3e6-4c36-a05e-b9ff764ce8e2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=deb87bc1-b8cb-442d-b710-315c6cdd34d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman@**G ]Ɋ& )!XG F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=106cee27-53e9-4372-bf52-b3e9b2233e06 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w**G ]Ɋ& A!XG F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=106cee27-53e9-4372-bf52-b3e9b2233e06 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**G ]Ɋ& =!XG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=106cee27-53e9-4372-bf52-b3e9b2233e06 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNXG F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& X- F&dLine=8F& ElfChnk pΖ;Mu=VysMc&&**G ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XG F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=106cee27-53e9-4372-bf52-b3e9b2233e06 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **G ]Ɋ& 5!XG F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=106cee27-53e9-4372-bf52-b3e9b2233e06 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 6**G ]Ɋ& 7!XG F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=106cee27-53e9-4372-bf52-b3e9b2233e06 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0y ]Ɋ& !y F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=106cee27-53e9-4372-bf52-b3e9b2233e06 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6a75254-744b-4fe6-b3f8-cf05bf03b924 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@y ]Ɋ& !y F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=106cee27-53e9-4372-bf52-b3e9b2233e06 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6a75254-744b-4fe6-b3f8-cf05bf03b924 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=98d@**Xy ]Ɋ& !Xy F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6498f875-1b87-4128-8ba3-139bec61f250 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=HosX**py ]Ɋ& !Xy F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6498f875-1b87-4128-8ba3-139bec61f250 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=723p**hy ]Ɋ& !Xy F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6498f875-1b87-4128-8ba3-139bec61f250 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4h**`y ]Ɋ& !Xy F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6498f875-1b87-4128-8ba3-139bec61f250 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`y ]Ɋ& !Xy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6498f875-1b87-4128-8ba3-139bec61f250 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hy ]Ɋ& !Xy F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6498f875-1b87-4128-8ba3-139bec61f250 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hellh**y ]Ɋ&  !y F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6498f875-1b87-4128-8ba3-139bec61f250 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=00fff48a-1053-4007-bb15-ad884514f3b3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rusS** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6498f875-1b87-4128-8ba3-139bec61f250 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=00fff48a-1053-4007-bb15-ad884514f3b3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**8 ]Ɋ& !X F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=17077670-f520-490c-8908-a9965c7a40b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t\8**P ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=17077670-f520-490c-8908-a9965c7a40b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t P**P ]Ɋ& !X F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=17077670-f520-490c-8908-a9965c7a40b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ell P**H ]Ɋ& !X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=17077670-f520-490c-8908-a9965c7a40b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tionH**H ]Ɋ& !X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=17077670-f520-490c-8908-a9965c7a40b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**H ]Ɋ& !X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=17077670-f520-490c-8908-a9965c7a40b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8efH** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=17077670-f520-490c-8908-a9965c7a40b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=808eb838-d57e-4c84-b596-216d707e658e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=17077670-f520-490c-8908-a9965c7a40b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=808eb838-d57e-4c84-b596-216d707e658e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=68029948-37c4-4284-a636-c345df860beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c24fX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=68029948-37c4-4284-a636-c345df860beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent p**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=68029948-37c4-4284-a636-c345df860beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=68029948-37c4-4284-a636-c345df860beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co`**`  ]Ɋ& !X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=68029948-37c4-4284-a636-c345df860beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`  ]Ɋ& !X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=68029948-37c4-4284-a636-c345df860beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:`**  ]Ɋ& !  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=68029948-37c4-4284-a636-c345df860beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8b4c19aa-021e-4831-89b0-77ad4a4f9e79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**  ]Ɋ& !  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=68029948-37c4-4284-a636-c345df860beb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8b4c19aa-021e-4831-89b0-77ad4a4f9e79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=84b**( < ]Ɋ& !X<  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c66f182c-e52c-4538-8744-ba11c22efa59 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@< ]Ɋ& !X< F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c66f182c-e52c-4538-8744-ba11c22efa59 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t@**@< ]Ɋ& !X< F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c66f182c-e52c-4538-8744-ba11c22efa59 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8< ]Ɋ& !X< F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c66f182c-e52c-4538-8744-ba11c22efa59 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Str8**8< ]Ɋ& !X< F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c66f182c-e52c-4538-8744-ba11c22efa59 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=';e8**8< ]Ɋ& !X< F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c66f182c-e52c-4538-8744-ba11c22efa59 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io8**< ]Ɋ& !< F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c66f182c-e52c-4538-8744-ba11c22efa59 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=987f47a9-8257-4ea7-bf96-0b717df6b7cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dd**B ]Ɋ& !B F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c66f182c-e52c-4538-8744-ba11c22efa59 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=987f47a9-8257-4ea7-bf96-0b717df6b7cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**Xt ]Ɋ& !Xt F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=091918e2-0954-4c44-827f-1c0604dbf133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uX**pt ]Ɋ& !Xt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=091918e2-0954-4c44-827f-1c0604dbf133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**pt ]Ɋ& !Xt F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=091918e2-0954-4c44-827f-1c0604dbf133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**ht ]Ɋ& !Xt F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=091918e2-0954-4c44-827f-1c0604dbf133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt h**ht ]Ɋ& !Xt F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=091918e2-0954-4c44-827f-1c0604dbf133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsoh**ht ]Ɋ& !Xt F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=091918e2-0954-4c44-827f-1c0604dbf133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e8h**t ]Ɋ&  !t F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=091918e2-0954-4c44-827f-1c0604dbf133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3f0480d2-8b19-4eac-8110-6806b9dc9224 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**  ]Ɋ& !  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=091918e2-0954-4c44-827f-1c0604dbf133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3f0480d2-8b19-4eac-8110-6806b9dc9224 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alue**  ]Ɋ& '!X  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=66a28a6a-ec96-4999-a344-bd9f6b066d89 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**  ]Ɋ& ?!X  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=66a28a6a-ec96-4999-a344-bd9f6b066d89 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**  ]Ɋ& ;!X  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=66a28a6a-ec96-4999-a344-bd9f6b066d89 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**  ]Ɋ& 3!X   F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=66a28a6a-ec96-4999-a344-bd9f6b066d89 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Staed Seque ]Ɋ& ioX ! F&4372-bf52-b3e9b2233e06 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNXG F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& X- F&dLine=8F& ElfChnk!R!RHuF]kͭMu=VysMc&&** !  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X ! F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=66a28a6a-ec96-4999-a344-bd9f6b066d89 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **"  ]Ɋ& 5!X " F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=66a28a6a-ec96-4999-a344-bd9f6b066d89 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=y**0#  ]Ɋ& ! # F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=66a28a6a-ec96-4999-a344-bd9f6b066d89 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=60b1555e-4c65-4c03-942c-748f4930572b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f50**@$- ]Ɋ& !-$ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=66a28a6a-ec96-4999-a344-bd9f6b066d89 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=60b1555e-4c65-4c03-942c-748f4930572b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co@**%xM ]Ɋ& )!XxM% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=96ced66c-4a85-4cfd-b676-fd47a74df134 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **&xM ]Ɋ& A!XxM& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=96ced66c-4a85-4cfd-b676-fd47a74df134 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=play**'xM ]Ɋ& =!XxM' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=96ced66c-4a85-4cfd-b676-fd47a74df134 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= r**(xM ]Ɋ& 5!XxM( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=96ced66c-4a85-4cfd-b676-fd47a74df134 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ec**)xM ]Ɋ& 5!XxM) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=96ced66c-4a85-4cfd-b676-fd47a74df134 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns***xM ]Ɋ& 7!XxM* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=96ced66c-4a85-4cfd-b676-fd47a74df134 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**0+xM ]Ɋ& !xM+ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=96ced66c-4a85-4cfd-b676-fd47a74df134 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2060faca-8a4b-4229-b796-14391bcfdb1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@,M ]Ɋ& !M, F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=96ced66c-4a85-4cfd-b676-fd47a74df134 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2060faca-8a4b-4229-b796-14391bcfdb1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**X-M ]Ɋ& !XM- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8f943828-cdd3-4238-8cfa-743fec64a400 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&X**p.M ]Ɋ& !XM. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8f943828-cdd3-4238-8cfa-743fec64a400 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h/M ]Ɋ& !XM/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8f943828-cdd3-4238-8cfa-743fec64a400 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`0M ]Ɋ& !XM0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8f943828-cdd3-4238-8cfa-743fec64a400 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`1M ]Ɋ& !XM1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8f943828-cdd3-4238-8cfa-743fec64a400 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h2M ]Ɋ& !XM2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8f943828-cdd3-4238-8cfa-743fec64a400 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Fh**3M ]Ɋ&  !M3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8f943828-cdd3-4238-8cfa-743fec64a400 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3db2dd7e-369a-43a4-bff1-3e0c51fd796d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oppe**4GBM ]Ɋ& !GBM4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8f943828-cdd3-4238-8cfa-743fec64a400 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3db2dd7e-369a-43a4-bff1-3e0c51fd796d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de**85GBM ]Ɋ& !XGBM5 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aed3d691-0502-4274-a9db-2f15b869d86d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro8**P6GBM ]Ɋ& !XGBM6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aed3d691-0502-4274-a9db-2f15b869d86d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FP**P7GBM ]Ɋ& !XGBM7 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aed3d691-0502-4274-a9db-2f15b869d86d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H8GBM ]Ɋ& !XGBM8 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aed3d691-0502-4274-a9db-2f15b869d86d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**H9GBM ]Ɋ& !XGBM9 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aed3d691-0502-4274-a9db-2f15b869d86d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H:GBM ]Ɋ& !XGBM: F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aed3d691-0502-4274-a9db-2f15b869d86d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**;GBM ]Ɋ& !GBM; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aed3d691-0502-4274-a9db-2f15b869d86d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d0904559-8338-4396-b0e9-46448101be52 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**<GBM ]Ɋ& !GBM< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aed3d691-0502-4274-a9db-2f15b869d86d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d0904559-8338-4396-b0e9-46448101be52 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X=GBM ]Ɋ& !XGBM= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=07651be6-a52d-47e7-a2ad-d778a9ba43af HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= X**p>GBM ]Ɋ& !XGBM> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=07651be6-a52d-47e7-a2ad-d778a9ba43af HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**h?GBM ]Ɋ& !XGBM? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=07651be6-a52d-47e7-a2ad-d778a9ba43af HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={h**`@GBM ]Ɋ& !XGBM@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=07651be6-a52d-47e7-a2ad-d778a9ba43af HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=38`**`AGBM ]Ɋ& !XGBMA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=07651be6-a52d-47e7-a2ad-d778a9ba43af HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi`**`BGBM ]Ɋ& !XGBMB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07651be6-a52d-47e7-a2ad-d778a9ba43af HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**CGBM ]Ɋ& !GBMC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=07651be6-a52d-47e7-a2ad-d778a9ba43af HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2edf8d07-e970-49d1-a92a-94364ac8f8f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**DڤM ]Ɋ& !ڤMD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=07651be6-a52d-47e7-a2ad-d778a9ba43af HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2edf8d07-e970-49d1-a92a-94364ac8f8f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==98**(EڤM ]Ɋ& !XڤME F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0a2f383b-c76e-44eb-8452-a130c99fb80f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@FڤM ]Ɋ& !XڤMF F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0a2f383b-c76e-44eb-8452-a130c99fb80f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@GڤM ]Ɋ& !XڤMG F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0a2f383b-c76e-44eb-8452-a130c99fb80f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E\M@**8HڤM ]Ɋ& !XڤMH F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0a2f383b-c76e-44eb-8452-a130c99fb80f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8IڤM ]Ɋ& !XڤMI F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0a2f383b-c76e-44eb-8452-a130c99fb80f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8JڤM ]Ɋ& !XڤMJ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0a2f383b-c76e-44eb-8452-a130c99fb80f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eV8**KڤM ]Ɋ& !ڤMK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0a2f383b-c76e-44eb-8452-a130c99fb80f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=98dc1fe8-22a1-4441-861d-cde6ea7b5753 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[S**LtsM ]Ɋ& !tsML F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0a2f383b-c76e-44eb-8452-a130c99fb80f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=98dc1fe8-22a1-4441-861d-cde6ea7b5753 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayVe**XM8=M ]Ɋ& !X8=MM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=48d74312-35a0-4e73-b912-46bda79b2660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pN8=M ]Ɋ& !X8=MN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=48d74312-35a0-4e73-b912-46bda79b2660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**pO8=M ]Ɋ& !X8=MO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=48d74312-35a0-4e73-b912-46bda79b2660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nstp**hP8=M ]Ɋ& !X8=MP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=48d74312-35a0-4e73-b912-46bda79b2660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=perh**hQ8=M ]Ɋ& !X8=MQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=48d74312-35a0-4e73-b912-46bda79b2660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=::Gh**hR8=M ]Ɋ& !X8=MR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=48d74312-35a0-4e73-b912-46bda79b2660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= IhtalledOn -De ]Ɋ&  !8=MS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=48d74312-35a0-4e73-b912-46bda79b2660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70d5f934-723f-4998-9994-7f6cc4831122 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkSS8"a]Mu=VysMc&&** S8=M ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !8=MS F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=48d74312-35a0-4e73-b912-46bda79b2660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70d5f934-723f-4998-9994-7f6cc4831122 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art **TէM ]Ɋ& !էMT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=48d74312-35a0-4e73-b912-46bda79b2660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70d5f934-723f-4998-9994-7f6cc4831122 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=4**UէM ]Ɋ& '!XէMU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bfe2f62b-d18d-4b90-a0b0-c2fa8e0780b5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**VէM ]Ɋ& ?!XէMV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bfe2f62b-d18d-4b90-a0b0-c2fa8e0780b5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**WէM ]Ɋ& ;!XէMW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bfe2f62b-d18d-4b90-a0b0-c2fa8e0780b5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**XէM ]Ɋ& 3!XէMX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bfe2f62b-d18d-4b90-a0b0-c2fa8e0780b5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**YէM ]Ɋ& 3!XէMY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bfe2f62b-d18d-4b90-a0b0-c2fa8e0780b5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **ZէM ]Ɋ& 5!XէMZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bfe2f62b-d18d-4b90-a0b0-c2fa8e0780b5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**0[էM ]Ɋ& !էM[ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bfe2f62b-d18d-4b90-a0b0-c2fa8e0780b5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e56a624a-bccb-4e1a-8acc-3a2a9e650371 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ac0**@\enM ]Ɋ& !enM\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bfe2f62b-d18d-4b90-a0b0-c2fa8e0780b5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e56a624a-bccb-4e1a-8acc-3a2a9e650371 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d P@**]` ]Ɋ& )!X`] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=887d6803-fdff-4751-80f1-4d0875165946 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**^` ]Ɋ& A!X`^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=887d6803-fdff-4751-80f1-4d0875165946 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**_` ]Ɋ& =!X`_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=887d6803-fdff-4751-80f1-4d0875165946 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **`` ]Ɋ& 5!X`` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=887d6803-fdff-4751-80f1-4d0875165946 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**a` ]Ɋ& 5!X`a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=887d6803-fdff-4751-80f1-4d0875165946 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cl**b` ]Ɋ& 7!X`b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=887d6803-fdff-4751-80f1-4d0875165946 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0c` ]Ɋ& !`c F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=887d6803-fdff-4751-80f1-4d0875165946 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5a23aa2d-aa69-470c-88cd-9a859da8d9e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@d  ]Ɋ& ! d F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=887d6803-fdff-4751-80f1-4d0875165946 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5a23aa2d-aa69-470c-88cd-9a859da8d9e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art@**Xe  ]Ɋ& !X e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bf482916-cc03-4fef-8fb2-652064a03b05 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d X**pf  ]Ɋ& !X f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bf482916-cc03-4fef-8fb2-652064a03b05 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=p**hg  ]Ɋ& !X g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bf482916-cc03-4fef-8fb2-652064a03b05 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ch**`h  ]Ɋ& !X h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bf482916-cc03-4fef-8fb2-652064a03b05 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`i  ]Ɋ& !X i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bf482916-cc03-4fef-8fb2-652064a03b05 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**hj  ]Ɋ& !X j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bf482916-cc03-4fef-8fb2-652064a03b05 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tId=h**k  ]Ɋ&  ! k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bf482916-cc03-4fef-8fb2-652064a03b05 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8c06e2b-6348-4782-beef-c3f4755c4c95 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=91-0**l* ]Ɋ& !*l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bf482916-cc03-4fef-8fb2-652064a03b05 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8c06e2b-6348-4782-beef-c3f4755c4c95 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**8m* ]Ɋ& !X*m F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a17a852c-c7b2-4456-9982-94e9ea34c735 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=528**Pn* ]Ɋ& !X*n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a17a852c-c7b2-4456-9982-94e9ea34c735 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tIP**Po* ]Ɋ& !X*o F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a17a852c-c7b2-4456-9982-94e9ea34c735 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==4.0P**Hp* ]Ɋ& !X*p F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a17a852c-c7b2-4456-9982-94e9ea34c735 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**Hq* ]Ɋ& !X*q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a17a852c-c7b2-4456-9982-94e9ea34c735 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConsH**Hr* ]Ɋ& !X*r F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a17a852c-c7b2-4456-9982-94e9ea34c735 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**s* ]Ɋ& !*s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a17a852c-c7b2-4456-9982-94e9ea34c735 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b4a88e50-432b-456c-9166-0b6377c033d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=equ**t* ]Ɋ& !*t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a17a852c-c7b2-4456-9982-94e9ea34c735 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b4a88e50-432b-456c-9166-0b6377c033d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**Xu* ]Ɋ& !X*u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1043917f-c0db-46c4-a85c-4246c4b0e37b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pv* ]Ɋ& !X*v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1043917f-c0db-46c4-a85c-4246c4b0e37b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Scp**hw* ]Ɋ& !X*w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1043917f-c0db-46c4-a85c-4246c4b0e37b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dOh**`x* ]Ɋ& !X*x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1043917f-c0db-46c4-a85c-4246c4b0e37b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns`**`y* ]Ɋ& !X*y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1043917f-c0db-46c4-a85c-4246c4b0e37b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh`**`z* ]Ɋ& !X*z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1043917f-c0db-46c4-a85c-4246c4b0e37b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**{* ]Ɋ& !*{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1043917f-c0db-46c4-a85c-4246c4b0e37b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=24128bd9-cbdd-46f6-bdcd-514c0ff84256 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**|* ]Ɋ& !*| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1043917f-c0db-46c4-a85c-4246c4b0e37b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=24128bd9-cbdd-46f6-bdcd-514c0ff84256 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(}8Ô ]Ɋ& !X8Ô} F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b9970ec5-9c23-4efe-805f-41e5afaf26f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m(**@~8Ô ]Ɋ& !X8Ô~ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b9970ec5-9c23-4efe-805f-41e5afaf26f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=U@**@8Ô ]Ɋ& !X8Ô F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b9970ec5-9c23-4efe-805f-41e5afaf26f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**88Ô ]Ɋ& !X8Ô F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b9970ec5-9c23-4efe-805f-41e5afaf26f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ARE8**88Ô ]Ɋ& !X8Ô F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b9970ec5-9c23-4efe-805f-41e5afaf26f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**88Ô ]Ɋ& !X8Ô F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b9970ec5-9c23-4efe-805f-41e5afaf26f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8Ô ]Ɋ& !8Ô F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b9970ec5-9c23-4efe-805f-41e5afaf26f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b08363aa-59e7-47dc-97c4-b9a5ad85f5df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co**[ ]Ɋ& ![ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b9970ec5-9c23-4efe-805f-41e5afaf26f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b08363aa-59e7-47dc-97c4-b9a5ad85f5df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInf**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0fdfebc7-7498-4a6f-a360-7823907edd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X F&aceId=70d5f934-723f-4998-9994-7f6cc4831122 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk0[)OMu=VysMc&&**x  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! W!X F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0fdfebc7-7498-4a6f-a360-7823907edd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== x **p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0fdfebc7-7498-4a6f-a360-7823907edd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== p**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0fdfebc7-7498-4a6f-a360-7823907edd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=h**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0fdfebc7-7498-4a6f-a360-7823907edd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0fdfebc7-7498-4a6f-a360-7823907edd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0fdfebc7-7498-4a6f-a360-7823907edd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4c63fb14-364d-48db-b979-200d783e998d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**% ]Ɋ& !% F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0fdfebc7-7498-4a6f-a360-7823907edd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4c63fb14-364d-48db-b979-200d783e998d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**% ]Ɋ& '!X% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=78f962e2-2797-4ebd-9dba-a2c921afb6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**% ]Ɋ& ?!X% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=78f962e2-2797-4ebd-9dba-a2c921afb6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**% ]Ɋ& ;!X% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=78f962e2-2797-4ebd-9dba-a2c921afb6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d08**% ]Ɋ& 3!X% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=78f962e2-2797-4ebd-9dba-a2c921afb6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**% ]Ɋ& 3!X% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=78f962e2-2797-4ebd-9dba-a2c921afb6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=875**% ]Ɋ& 5!X% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=78f962e2-2797-4ebd-9dba-a2c921afb6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0% ]Ɋ& !% F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=78f962e2-2797-4ebd-9dba-a2c921afb6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=da8d8a53-956d-441a-9c54-6dd9b8c60663 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@) ]Ɋ& !) F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=78f962e2-2797-4ebd-9dba-a2c921afb6b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=da8d8a53-956d-441a-9c54-6dd9b8c60663 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@** ]Ɋ& )!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9a82bad7-dba0-4a08-bc34-73d6670128ff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= ** ]Ɋ& A!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9a82bad7-dba0-4a08-bc34-73d6670128ff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line** ]Ɋ& =!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9a82bad7-dba0-4a08-bc34-73d6670128ff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |** ]Ɋ& 5!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9a82bad7-dba0-4a08-bc34-73d6670128ff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt** ]Ɋ& 5!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9a82bad7-dba0-4a08-bc34-73d6670128ff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp** ]Ɋ& 7!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9a82bad7-dba0-4a08-bc34-73d6670128ff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0R* ]Ɋ& !R* F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9a82bad7-dba0-4a08-bc34-73d6670128ff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3c1aac89-67a0-4fee-8934-dc9c7398f1e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@œ ]Ɋ& !œ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9a82bad7-dba0-4a08-bc34-73d6670128ff HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3c1aac89-67a0-4fee-8934-dc9c7398f1e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**Xœ ]Ɋ& !Xœ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ae317808-b4b4-4616-a862-99784ca2551d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mX**pœ ]Ɋ& !Xœ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ae317808-b4b4-4616-a862-99784ca2551d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**hœ ]Ɋ& !Xœ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ae317808-b4b4-4616-a862-99784ca2551d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`œ ]Ɋ& !Xœ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ae317808-b4b4-4616-a862-99784ca2551d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`œ ]Ɋ& !Xœ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ae317808-b4b4-4616-a862-99784ca2551d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hœ ]Ɋ& !Xœ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ae317808-b4b4-4616-a862-99784ca2551d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**œ ]Ɋ&  !œ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ae317808-b4b4-4616-a862-99784ca2551d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9e8a36b3-a7d7-47e2-902a-6f3aed2730d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**[ ]Ɋ& ![ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ae317808-b4b4-4616-a862-99784ca2551d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9e8a36b3-a7d7-47e2-902a-6f3aed2730d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8[ ]Ɋ& !X[ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d7863e8-6c70-4540-a7ab-302b3fb8e691 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**P[ ]Ɋ& !X[ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d7863e8-6c70-4540-a7ab-302b3fb8e691 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P[ ]Ɋ& !X[ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d7863e8-6c70-4540-a7ab-302b3fb8e691 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**H[ ]Ɋ& !X[ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d7863e8-6c70-4540-a7ab-302b3fb8e691 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**H[ ]Ɋ& !X[ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d7863e8-6c70-4540-a7ab-302b3fb8e691 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**H[ ]Ɋ& !X[ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d7863e8-6c70-4540-a7ab-302b3fb8e691 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**[ ]Ɋ& ![ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d7863e8-6c70-4540-a7ab-302b3fb8e691 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4de3b258-aaea-45a9-9801-1a000d2a7d5b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**[ ]Ɋ& ![ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d7863e8-6c70-4540-a7ab-302b3fb8e691 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4de3b258-aaea-45a9-9801-1a000d2a7d5b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X[ ]Ɋ& !X[ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=618b78fd-dc07-4d1f-aa1d-14413943f353 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**p[ ]Ɋ& !X[ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=618b78fd-dc07-4d1f-aa1d-14413943f353 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**h[ ]Ɋ& !X[ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=618b78fd-dc07-4d1f-aa1d-14413943f353 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`[ ]Ɋ& !X[ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=618b78fd-dc07-4d1f-aa1d-14413943f353 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`[ ]Ɋ& !X[ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=618b78fd-dc07-4d1f-aa1d-14413943f353 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`[ ]Ɋ& !X[ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=618b78fd-dc07-4d1f-aa1d-14413943f353 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**[ ]Ɋ& ![ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=618b78fd-dc07-4d1f-aa1d-14413943f353 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=60c89c3b-0878-49b7-b99a-15d2421204b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=618b78fd-dc07-4d1f-aa1d-14413943f353 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=60c89c3b-0878-49b7-b99a-15d2421204b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=33ecad1c-eba0-4b37-8483-ce2a869dda24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=33ecad1c-eba0-4b37-8483-ce2a869dda24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=33ecad1c-eba0-4b37-8483-ce2a869dda24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@ 65535 Eng ]Ɋ& ndX F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X F&aceId=70d5f934-723f-4998-9994-7f6cc4831122 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkpoyHMu=VysMc&&**8  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X F&F%g>9{p(xlMD EventDatauoData !BinaryhFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=33ecad1c-eba0-4b37-8483-ce2a869dda24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=33ecad1c-eba0-4b37-8483-ce2a869dda24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er,8**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=33ecad1c-eba0-4b37-8483-ce2a869dda24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\W8** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=33ecad1c-eba0-4b37-8483-ce2a869dda24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c8dcd853-f01f-408b-95ca-b5b2f3214b81 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0f** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=33ecad1c-eba0-4b37-8483-ce2a869dda24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c8dcd853-f01f-408b-95ca-b5b2f3214b81 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iabl**XoV ]Ɋ& !XoV F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4a841c55-b746-47a4-a138-db58e1bad7a2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**poV ]Ɋ& !XoV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4a841c55-b746-47a4-a138-db58e1bad7a2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**poV ]Ɋ& !XoV F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4a841c55-b746-47a4-a138-db58e1bad7a2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hoV ]Ɋ& !XoV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4a841c55-b746-47a4-a138-db58e1bad7a2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovih**hoV ]Ɋ& !XoV F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4a841c55-b746-47a4-a138-db58e1bad7a2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=h**hoV ]Ɋ& !XoV F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4a841c55-b746-47a4-a138-db58e1bad7a2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7-h**oV ]Ɋ&  !oV F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4a841c55-b746-47a4-a138-db58e1bad7a2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03e3b73a-33ed-4fe9-baf1-c1497d877c70 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-O**oV ]Ɋ& !oV F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4a841c55-b746-47a4-a138-db58e1bad7a2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03e3b73a-33ed-4fe9-baf1-c1497d877c70 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ies[** ]Ɋ& '!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=199bca1d-5b2d-48c2-aa97-5b77928f8ffb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r** ]Ɋ& ?!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=199bca1d-5b2d-48c2-aa97-5b77928f8ffb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a** ]Ɋ& ;!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=199bca1d-5b2d-48c2-aa97-5b77928f8ffb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=199bca1d-5b2d-48c2-aa97-5b77928f8ffb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=199bca1d-5b2d-48c2-aa97-5b77928f8ffb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsp** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=199bca1d-5b2d-48c2-aa97-5b77928f8ffb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=199bca1d-5b2d-48c2-aa97-5b77928f8ffb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5f756ca8-8f8b-4640-a29f-5b9f279e98ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=199bca1d-5b2d-48c2-aa97-5b77928f8ffb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5f756ca8-8f8b-4640-a29f-5b9f279e98ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nceN@**` ]Ɋ& )!X` F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b25058f0-df51-4d7c-9ca1-f76b7fa72fb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nmen**` ]Ɋ& A!X` F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b25058f0-df51-4d7c-9ca1-f76b7fa72fb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**` ]Ɋ& =!X` F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b25058f0-df51-4d7c-9ca1-f76b7fa72fb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h=**` ]Ɋ& 5!X` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b25058f0-df51-4d7c-9ca1-f76b7fa72fb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**` ]Ɋ& 5!X` F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b25058f0-df51-4d7c-9ca1-f76b7fa72fb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**` ]Ɋ& 7!X` F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b25058f0-df51-4d7c-9ca1-f76b7fa72fb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**0` ]Ɋ& !` F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b25058f0-df51-4d7c-9ca1-f76b7fa72fb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a1df90a0-8a47-48f2-ba80-b263c92afac9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c0**@u` ]Ɋ& !u` F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b25058f0-df51-4d7c-9ca1-f76b7fa72fb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a1df90a0-8a47-48f2-ba80-b263c92afac9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b4-@**XE` ]Ɋ& !XE` F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HX**pE` ]Ɋ& !XE` F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 p**hE` ]Ɋ& !XE` F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3h**`E` ]Ɋ& !XE` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**`E` ]Ɋ& !XE` F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f`**hE` ]Ɋ& !XE` F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stAph**E` ]Ɋ&  !E` F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb32b5c7-7662-45f0-bb00-8e91abf86b69 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=viru**E` ]Ɋ& !E` F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb32b5c7-7662-45f0-bb00-8e91abf86b69 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ti**8E` ]Ɋ& !XE` F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bj8**PE` ]Ɋ& !XE` F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erP**PE` ]Ɋ& !XE` F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tAppP**HE` ]Ɋ& !XE` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=43f3H**HE` ]Ɋ& !XE` F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-aa1H**HE` ]Ɋ& !XE` F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fd-H**E` ]Ɋ& !E` F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8b90beb-30fa-4401-a397-a469032bb298 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=353**E` ]Ɋ& !E` F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8b90beb-30fa-4401-a397-a469032bb298 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1**Xܦ` ]Ɋ& !Xܦ` F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1e5f0c79-aa84-40a0-aa1b-d21395ce3cb2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersiX**pܦ` ]Ɋ& !Xܦ` F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1e5f0c79-aa84-40a0-aa1b-d21395ce3cb2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovip**hܦ` ]Ɋ& !Xܦ` F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1e5f0c79-aa84-40a0-aa1b-d21395ce3cb2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`ܦ` ]Ɋ& !Xܦ` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1e5f0c79-aa84-40a0-aa1b-d21395ce3cb2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id` PipelineId ]Ɋ&  CXܦ` F&wid@ 65535 Eng ]Ɋ& ndX F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X F&aceId=70d5f934-723f-4998-9994-7f6cc4831122 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkHEMu=VysMc&&**hܦ` ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!Xܦ` F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1e5f0c79-aa84-40a0-aa1b-d21395ce3cb2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**`ܦ` ]Ɋ& !Xܦ` F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1e5f0c79-aa84-40a0-aa1b-d21395ce3cb2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**ܦ` ]Ɋ& !ܦ` F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1e5f0c79-aa84-40a0-aa1b-d21395ce3cb2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8a27e255-3bb9-44c3-ac40-77f7d8f3d7c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**ܦ` ]Ɋ& !ܦ` F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1e5f0c79-aa84-40a0-aa1b-d21395ce3cb2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8a27e255-3bb9-44c3-ac40-77f7d8f3d7c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(ܦ` ]Ɋ& !Xܦ` F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d7843f7e-bca2-4864-9735-e691d185874b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@ܦ` ]Ɋ& !Xܦ` F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d7843f7e-bca2-4864-9735-e691d185874b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@ܦ` ]Ɋ& !Xܦ` F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d7843f7e-bca2-4864-9735-e691d185874b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8ܦ` ]Ɋ& !Xܦ` F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d7843f7e-bca2-4864-9735-e691d185874b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**8ܦ` ]Ɋ& !Xܦ` F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d7843f7e-bca2-4864-9735-e691d185874b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8ܦ` ]Ɋ& !Xܦ` F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d7843f7e-bca2-4864-9735-e691d185874b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**ܦ` ]Ɋ& !ܦ` F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d7843f7e-bca2-4864-9735-e691d185874b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=84d45ee0-ba20-4415-872f-3c0ed577dab3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**r?` ]Ɋ& !r?` F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d7843f7e-bca2-4864-9735-e691d185874b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=84d45ee0-ba20-4415-872f-3c0ed577dab3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**X6 ` ]Ɋ& !X6 ` F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=02de807c-f6af-4be9-b43a-f146b539518c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**p6 ` ]Ɋ& !X6 ` F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=02de807c-f6af-4be9-b43a-f146b539518c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**p6 ` ]Ɋ& !X6 ` F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=02de807c-f6af-4be9-b43a-f146b539518c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**h6 ` ]Ɋ& !X6 ` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=02de807c-f6af-4be9-b43a-f146b539518c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**h6 ` ]Ɋ& !X6 ` F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=02de807c-f6af-4be9-b43a-f146b539518c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**h6 ` ]Ɋ& !X6 ` F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=02de807c-f6af-4be9-b43a-f146b539518c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**6 ` ]Ɋ&  !6 ` F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=02de807c-f6af-4be9-b43a-f146b539518c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=49b706fc-ec46-4ece-b12a-60e63d7fc509 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sb**̡` ]Ɋ& !̡` F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=02de807c-f6af-4be9-b43a-f146b539518c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=49b706fc-ec46-4ece-b12a-60e63d7fc509 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ring**c:` ]Ɋ& '!Xc:` F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=61917d81-4542-4900-96a3-9d3c53452acd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=O**c:` ]Ɋ& ?!Xc:` F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=61917d81-4542-4900-96a3-9d3c53452acd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l**c:` ]Ɋ& ;!Xc:` F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=61917d81-4542-4900-96a3-9d3c53452acd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**c:` ]Ɋ& 3!Xc:` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=61917d81-4542-4900-96a3-9d3c53452acd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==b2**c:` ]Ɋ& 3!Xc:` F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=61917d81-4542-4900-96a3-9d3c53452acd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**c:` ]Ɋ& 5!Xc:` F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=61917d81-4542-4900-96a3-9d3c53452acd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d7**0c:` ]Ɋ& !c:` F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=61917d81-4542-4900-96a3-9d3c53452acd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3f528469-908f-4b8c-a977-176dd0b9867d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@` ]Ɋ& !` F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=61917d81-4542-4900-96a3-9d3c53452acd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3f528469-908f-4b8c-a977-176dd0b9867d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@tApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HX**pE` ]Ɋ& !XE` F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 p**hE` ]Ɋ& !XE` F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3h**`E` ]Ɋ& !XE` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**`E` ]Ɋ& !XE` F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f`**hE` ]Ɋ& !XE` F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stAph**E` ]Ɋ&  !E` F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb32b5c7-7662-45f0-bb00-8e91abf86b69 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=viru**E` ]Ɋ& !E` F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9916b1f2-8707-49c4-ae54-e6e00aca3d42 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb32b5c7-7662-45f0-bb00-8e91abf86b69 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ti**8E` ]Ɋ& !XE` F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bj8**PE` ]Ɋ& !XE` F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erP**PE` ]Ɋ& !XE` F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tAppP**HE` ]Ɋ& !XE` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=43f3H**HE` ]Ɋ& !XE` F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-aa1H**HE` ]Ɋ& !XE` F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fd-H**E` ]Ɋ& !E` F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8b90beb-30fa-4401-a397-a469032bb298 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=353**E` ]Ɋ& !E` F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7feeaac0-5efe-473c-8111-2511794e1a9f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8b90beb-30fa-4401-a397-a469032bb298 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1**Xܦ` ]Ɋ& !Xܦ` F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1e5f0c79-aa84-40a0-aa1b-d21395ce3cb2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersiX**pܦ` ]Ɋ& !Xܦ` F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1e5f0c79-aa84-40a0-aa1b-d21395ce3cb2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovip**hܦ` ]Ɋ& !Xܦ` F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1e5f0c79-aa84-40a0-aa1b-d21395ce3cb2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`ܦ` ]Ɋ& !Xܦ` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1e5f0c79-aa84-40a0-aa1b-d21395ce3cb2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id` PipelineId ]Ɋ&  CXܦ` F&wid@ 65535 Eng ]Ɋ& ndX F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X F&aceId=70d5f934-723f-4998-9994-7f6cc4831122 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkpKAu`Mu=VysMc&&**8 )N ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X)N F&F%g>9{p(xlMD EventDatauoData !BinaryhFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=96bc6a72-d4db-487d-b4aa-442f7e1c903a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8)N ]Ɋ& !X)N F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=96bc6a72-d4db-487d-b4aa-442f7e1c903a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er,8**8)N ]Ɋ& !X)N F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=96bc6a72-d4db-487d-b4aa-442f7e1c903a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\W8**)N ]Ɋ& !)N F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=96bc6a72-d4db-487d-b4aa-442f7e1c903a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=30e3b10d-e8d2-4500-9570-4b4cff2d42b9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=94**cN ]Ɋ& !cN F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=96bc6a72-d4db-487d-b4aa-442f7e1c903a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=30e3b10d-e8d2-4500-9570-4b4cff2d42b9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iabl**XN ]Ɋ& !XN F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5af34b79-8b3e-48e1-b267-53c9218795e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pN ]Ɋ& !XN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5af34b79-8b3e-48e1-b267-53c9218795e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**pN ]Ɋ& !XN F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5af34b79-8b3e-48e1-b267-53c9218795e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hN ]Ɋ& !XN F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5af34b79-8b3e-48e1-b267-53c9218795e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovih**hN ]Ɋ& !XN F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5af34b79-8b3e-48e1-b267-53c9218795e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=h**hN ]Ɋ& !XN F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5af34b79-8b3e-48e1-b267-53c9218795e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d-h**N ]Ɋ&  !N F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5af34b79-8b3e-48e1-b267-53c9218795e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c7ac7af9-4106-4bc4-aa39-247490bc781f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-O**^N ]Ɋ& !^N F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5af34b79-8b3e-48e1-b267-53c9218795e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c7ac7af9-4106-4bc4-aa39-247490bc781f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ies[**GN ]Ɋ& '!XGN F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=35450f4c-f598-42dd-bdf1-def73ea84716 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**GN ]Ɋ& ?!XGN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=35450f4c-f598-42dd-bdf1-def73ea84716 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**GN ]Ɋ& ;!XGN F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=35450f4c-f598-42dd-bdf1-def73ea84716 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**GN ]Ɋ& 3!XGN F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=35450f4c-f598-42dd-bdf1-def73ea84716 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **GN ]Ɋ& 3!XGN F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=35450f4c-f598-42dd-bdf1-def73ea84716 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsp**GN ]Ɋ& 5!XGN F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=35450f4c-f598-42dd-bdf1-def73ea84716 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te**0GN ]Ɋ& !GN F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=35450f4c-f598-42dd-bdf1-def73ea84716 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ddba0b25-4cd1-4a8c-8788-373bfb5227ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li0**@t(N ]Ɋ& !t(N F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=35450f4c-f598-42dd-bdf1-def73ea84716 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ddba0b25-4cd1-4a8c-8788-373bfb5227ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nceN@**?$Q ]Ɋ& )!X?$Q F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=238dd285-36b2-4259-a322-20a2670455bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nmen**?$Q ]Ɋ& A!X?$Q F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=238dd285-36b2-4259-a322-20a2670455bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**?$Q ]Ɋ& =!X?$Q F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=238dd285-36b2-4259-a322-20a2670455bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h=**?$Q ]Ɋ& 5!X?$Q F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=238dd285-36b2-4259-a322-20a2670455bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**?$Q ]Ɋ& 5!X?$Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=238dd285-36b2-4259-a322-20a2670455bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**?$Q ]Ɋ& 7!X?$Q F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=238dd285-36b2-4259-a322-20a2670455bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**0?$Q ]Ɋ& !?$Q F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=238dd285-36b2-4259-a322-20a2670455bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1bb6ddc2-9c16-401c-af86-6bb345759d9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c0**@@$Q ]Ɋ& !@$Q F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=238dd285-36b2-4259-a322-20a2670455bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1bb6ddc2-9c16-401c-af86-6bb345759d9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e5-@**XlyA$Q ]Ɋ& !XlyA$Q F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=33e96c79-3cb4-4bc9-b287-b6ed12847b00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HX**plyA$Q ]Ɋ& !XlyA$Q F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=33e96c79-3cb4-4bc9-b287-b6ed12847b00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 p**hlyA$Q ]Ɋ& !XlyA$Q F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=33e96c79-3cb4-4bc9-b287-b6ed12847b00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ch**`lyA$Q ]Ɋ& !XlyA$Q F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=33e96c79-3cb4-4bc9-b287-b6ed12847b00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f`**`lyA$Q ]Ɋ& !XlyA$Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=33e96c79-3cb4-4bc9-b287-b6ed12847b00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5`**hlyA$Q ]Ɋ& !XlyA$Q F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=33e96c79-3cb4-4bc9-b287-b6ed12847b00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stAph**lyA$Q ]Ɋ&  !lyA$Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=33e96c79-3cb4-4bc9-b287-b6ed12847b00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2cd20e1a-0fe0-415c-9949-b6865b4bfbb1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=viru**lyA$Q ]Ɋ& !lyA$Q F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=33e96c79-3cb4-4bc9-b287-b6ed12847b00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2cd20e1a-0fe0-415c-9949-b6865b4bfbb1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ti**8lyA$Q ]Ɋ& !XlyA$Q F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=403f1bd2-99b0-492b-bc7c-585aed437c35 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bj8**PlyA$Q ]Ɋ& !XlyA$Q F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=403f1bd2-99b0-492b-bc7c-585aed437c35 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erP**PlyA$Q ]Ɋ& !XlyA$Q F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=403f1bd2-99b0-492b-bc7c-585aed437c35 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tAppP**HlyA$Q ]Ɋ& !XlyA$Q F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=403f1bd2-99b0-492b-bc7c-585aed437c35 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f492H**HlyA$Q ]Ɋ& !XlyA$Q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=403f1bd2-99b0-492b-bc7c-585aed437c35 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-837H**HlyA$Q ]Ɋ& !XlyA$Q F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=403f1bd2-99b0-492b-bc7c-585aed437c35 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b4-H**lyA$Q ]Ɋ& !lyA$Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=403f1bd2-99b0-492b-bc7c-585aed437c35 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fcb099f3-7f95-49d2-8a8f-55d919e94d65 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=279**B$Q ]Ɋ& !B$Q F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=403f1bd2-99b0-492b-bc7c-585aed437c35 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fcb099f3-7f95-49d2-8a8f-55d919e94d65 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7**XB$Q ]Ɋ& !XB$Q F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=05fe06d4-fc34-4b8b-abc6-8a4328d25f2d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersiX**pB$Q ]Ɋ& !XB$Q F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=05fe06d4-fc34-4b8b-abc6-8a4328d25f2d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovip**hB$Q ]Ɋ& !XB$Q F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=05fe06d4-fc34-4b8b-abc6-8a4328d25f2d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`B$Q ]Ɋ& !XB$Q F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=05fe06d4-fc34-4b8b-abc6-8a4328d25f2d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id` PipelineId ]Ɋ&  CXB$Q F&wid@ 65535 Eng ]Ɋ& ndX)N F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X~mL~ F&aceId=9f6c0a0a-d63d-4156-bc14-6d2d2583034e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk@{%HxMu=VysMc&&**hB$Q ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!XB$Q F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=05fe06d4-fc34-4b8b-abc6-8a4328d25f2d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**`B$Q ]Ɋ& !XB$Q F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=05fe06d4-fc34-4b8b-abc6-8a4328d25f2d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**B$Q ]Ɋ& !B$Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=05fe06d4-fc34-4b8b-abc6-8a4328d25f2d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d1161ff-49cb-4bbd-a009-fdea50a788f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**B$Q ]Ɋ& !B$Q F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=05fe06d4-fc34-4b8b-abc6-8a4328d25f2d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d1161ff-49cb-4bbd-a009-fdea50a788f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(B$Q ]Ɋ& !XB$Q F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=437d6821-1d79-4df7-979e-de8c74bad84e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0(**@B$Q ]Ɋ& !XB$Q F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=437d6821-1d79-4df7-979e-de8c74bad84e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3@**@B$Q ]Ɋ& !XB$Q F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=437d6821-1d79-4df7-979e-de8c74bad84e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8B$Q ]Ɋ& !XB$Q F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=437d6821-1d79-4df7-979e-de8c74bad84e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**8B$Q ]Ɋ& !XB$Q F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=437d6821-1d79-4df7-979e-de8c74bad84e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8B$Q ]Ɋ& !XB$Q F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=437d6821-1d79-4df7-979e-de8c74bad84e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**B$Q ]Ɋ& !B$Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=437d6821-1d79-4df7-979e-de8c74bad84e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5dd08874-c80e-4b20-9291-5260ff22811c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**/CC$Q ]Ɋ& !/CC$Q F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=437d6821-1d79-4df7-979e-de8c74bad84e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5dd08874-c80e-4b20-9291-5260ff22811c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**X E$Q ]Ɋ& !X E$Q F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d4fd8580-29ba-4743-bbb9-357e542d302a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**p E$Q ]Ɋ& !X E$Q F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d4fd8580-29ba-4743-bbb9-357e542d302a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**p E$Q ]Ɋ& !X E$Q F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d4fd8580-29ba-4743-bbb9-357e542d302a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**h E$Q ]Ɋ& !X E$Q F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d4fd8580-29ba-4743-bbb9-357e542d302a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**h E$Q ]Ɋ& !X E$Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d4fd8580-29ba-4743-bbb9-357e542d302a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**h E$Q ]Ɋ& !X E$Q F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d4fd8580-29ba-4743-bbb9-357e542d302a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h** E$Q ]Ɋ&  ! E$Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d4fd8580-29ba-4743-bbb9-357e542d302a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=875d9ee3-76d6-49f3-9a0a-57c210cf46f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sb**E$Q ]Ɋ& !E$Q F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d4fd8580-29ba-4743-bbb9-357e542d302a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=875d9ee3-76d6-49f3-9a0a-57c210cf46f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ring** >F$Q ]Ɋ& '!X >F$Q F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8d73e28b-426c-4a1a-b3be-ca05c901e417 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=O** >F$Q ]Ɋ& ?!X >F$Q F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8d73e28b-426c-4a1a-b3be-ca05c901e417 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l** >F$Q ]Ɋ& ;!X >F$Q F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8d73e28b-426c-4a1a-b3be-ca05c901e417 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** >F$Q ]Ɋ& 3!X >F$Q F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8d73e28b-426c-4a1a-b3be-ca05c901e417 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==23** >F$Q ]Ɋ& 3!X >F$Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8d73e28b-426c-4a1a-b3be-ca05c901e417 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li** >F$Q ]Ɋ& 5!X >F$Q F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8d73e28b-426c-4a1a-b3be-ca05c901e417 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=25**0 >F$Q ]Ɋ& ! >F$Q F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8d73e28b-426c-4a1a-b3be-ca05c901e417 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fdf3c430-e710-4167-9f2d-0f47c70f01f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@MoG$Q ]Ɋ& !MoG$Q F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8d73e28b-426c-4a1a-b3be-ca05c901e417 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fdf3c430-e710-4167-9f2d-0f47c70f01f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**S ]Ɋ& )!XS F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1aee5587-ee81-42ca-bfe1-e18a0686a546 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**S ]Ɋ& A!XS F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1aee5587-ee81-42ca-bfe1-e18a0686a546 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **S ]Ɋ& =!XS F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1aee5587-ee81-42ca-bfe1-e18a0686a546 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**S ]Ɋ& 5!XS F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1aee5587-ee81-42ca-bfe1-e18a0686a546 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**S ]Ɋ& 5!XS F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1aee5587-ee81-42ca-bfe1-e18a0686a546 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **S ]Ɋ& 7!XS F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1aee5587-ee81-42ca-bfe1-e18a0686a546 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0BS ]Ɋ& !BS F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1aee5587-ee81-42ca-bfe1-e18a0686a546 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08fa0eda-be6b-40e3-87e5-9c8eb95d66fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@"S ]Ɋ& !"S F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1aee5587-ee81-42ca-bfe1-e18a0686a546 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08fa0eda-be6b-40e3-87e5-9c8eb95d66fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**XoS ]Ɋ& !XoS F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ca0a4c35-e884-42c0-9969-36ebf7f05225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**poS ]Ɋ& !XoS F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ca0a4c35-e884-42c0-9969-36ebf7f05225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**hoS ]Ɋ& !XoS F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ca0a4c35-e884-42c0-9969-36ebf7f05225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`oS ]Ɋ& !XoS F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ca0a4c35-e884-42c0-9969-36ebf7f05225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**` oS ]Ɋ& !XoS  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ca0a4c35-e884-42c0-9969-36ebf7f05225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**h oS ]Ɋ& !XoS  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ca0a4c35-e884-42c0-9969-36ebf7f05225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich** oS ]Ɋ&  !oS  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ca0a4c35-e884-42c0-9969-36ebf7f05225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a78d431b-b85f-440e-bb72-bb19c1e71a5f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=** oS ]Ɋ& !oS  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ca0a4c35-e884-42c0-9969-36ebf7f05225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a78d431b-b85f-440e-bb72-bb19c1e71a5f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8 oS ]Ɋ& !XoS  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0c4dfce3-e4e2-42c0-8520-b12a29de54b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**PoS ]Ɋ& !XoS F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0c4dfce3-e4e2-42c0-8520-b12a29de54b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**PoS ]Ɋ& !XoS F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0c4dfce3-e4e2-42c0-8520-b12a29de54b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**HoS ]Ɋ& !XoS F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0c4dfce3-e4e2-42c0-8520-b12a29de54b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**HoS ]Ɋ& !XoS F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0c4dfce3-e4e2-42c0-8520-b12a29de54b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8303H PipelineI ]Ɋ&  XoS F&ElfChnkBBhQ"YMu=VysMc&&**HoS ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! +!XoS F&F%g>9{p(xlMD EventDatauoData !BinaryxVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0c4dfce3-e4e2-42c0-8520-b12a29de54b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**oS ]Ɋ& !oS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0c4dfce3-e4e2-42c0-8520-b12a29de54b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=891e9467-6e3e-4ab2-a10a-12996f3b528a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B**TS ]Ɋ& !TS F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0c4dfce3-e4e2-42c0-8520-b12a29de54b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=891e9467-6e3e-4ab2-a10a-12996f3b528a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XTS ]Ɋ& !XTS F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1111796c-b296-4d85-86e6-9a9f4408e168 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**pTS ]Ɋ& !XTS F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1111796c-b296-4d85-86e6-9a9f4408e168 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**hTS ]Ɋ& !XTS F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1111796c-b296-4d85-86e6-9a9f4408e168 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`TS ]Ɋ& !XTS F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1111796c-b296-4d85-86e6-9a9f4408e168 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`TS ]Ɋ& !XTS F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1111796c-b296-4d85-86e6-9a9f4408e168 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`TS ]Ɋ& !XTS F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1111796c-b296-4d85-86e6-9a9f4408e168 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**TS ]Ɋ& !TS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1111796c-b296-4d85-86e6-9a9f4408e168 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e2784e33-a42d-430e-9927-27189757c94a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**S ]Ɋ& !S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1111796c-b296-4d85-86e6-9a9f4408e168 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e2784e33-a42d-430e-9927-27189757c94a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(S ]Ɋ& !XS F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=059ebff3-083a-4580-8f6a-a77b4bdd315c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@S ]Ɋ& !XS F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=059ebff3-083a-4580-8f6a-a77b4bdd315c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0@**@S ]Ɋ& !XS F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=059ebff3-083a-4580-8f6a-a77b4bdd315c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8 S ]Ɋ& !XS  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=059ebff3-083a-4580-8f6a-a77b4bdd315c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8!S ]Ɋ& !XS! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=059ebff3-083a-4580-8f6a-a77b4bdd315c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==d48**8"S ]Ɋ& !XS" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=059ebff3-083a-4580-8f6a-a77b4bdd315c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**#S ]Ɋ& !S# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=059ebff3-083a-4580-8f6a-a77b4bdd315c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f9d89f7d-f155-4b13-a353-3e2df0f4d636 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**$3S ]Ɋ& !3S$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=059ebff3-083a-4580-8f6a-a77b4bdd315c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f9d89f7d-f155-4b13-a353-3e2df0f4d636 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**X%S ]Ɋ& !XS% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0fb9d18c-18e1-4c56-af94-f4d3ce8fa48b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**p&S ]Ɋ& !XS& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0fb9d18c-18e1-4c56-af94-f4d3ce8fa48b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**p'S ]Ɋ& !XS' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0fb9d18c-18e1-4c56-af94-f4d3ce8fa48b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**h(S ]Ɋ& !XS( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0fb9d18c-18e1-4c56-af94-f4d3ce8fa48b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**h)S ]Ɋ& !XS) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0fb9d18c-18e1-4c56-af94-f4d3ce8fa48b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h*S ]Ɋ& !XS* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0fb9d18c-18e1-4c56-af94-f4d3ce8fa48b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**+S ]Ɋ&  !S+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0fb9d18c-18e1-4c56-af94-f4d3ce8fa48b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d996150d-8841-4f28-82a9-5d280c317dd6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,#S ]Ɋ& !#S, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0fb9d18c-18e1-4c56-af94-f4d3ce8fa48b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d996150d-8841-4f28-82a9-5d280c317dd6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **- S ]Ɋ& '!X S- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b1522d69-0693-4270-9bf1-4705738eacbf HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**. S ]Ɋ& ?!X S. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b1522d69-0693-4270-9bf1-4705738eacbf HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**/ S ]Ɋ& ;!X S/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b1522d69-0693-4270-9bf1-4705738eacbf HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**0 S ]Ɋ& 3!X S0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b1522d69-0693-4270-9bf1-4705738eacbf HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**1 S ]Ɋ& 3!X S1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b1522d69-0693-4270-9bf1-4705738eacbf HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**2 S ]Ɋ& 5!X S2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b1522d69-0693-4270-9bf1-4705738eacbf HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**03 S ]Ɋ& ! S3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b1522d69-0693-4270-9bf1-4705738eacbf HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d9fc97eb-c42b-4e6e-b46c-ed72cfb152a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@4I!S ]Ɋ& !I!S4 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b1522d69-0693-4270-9bf1-4705738eacbf HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d9fc97eb-c42b-4e6e-b46c-ed72cfb152a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d @**5=XU ]Ɋ& )!X=XU5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=efc794a7-5f76-4076-879e-8914d7bdd128 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uctS**6=XU ]Ɋ& A!X=XU6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=efc794a7-5f76-4076-879e-8914d7bdd128 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=curi**7=XU ]Ɋ& =!X=XU7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=efc794a7-5f76-4076-879e-8914d7bdd128 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8=XU ]Ɋ& 5!X=XU8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=efc794a7-5f76-4076-879e-8914d7bdd128 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **9=XU ]Ɋ& 5!X=XU9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=efc794a7-5f76-4076-879e-8914d7bdd128 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi**:=XU ]Ɋ& 7!X=XU: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=efc794a7-5f76-4076-879e-8914d7bdd128 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0;=XU ]Ɋ& !=XU; F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=efc794a7-5f76-4076-879e-8914d7bdd128 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f54eb99c-4d18-4c93-ac5b-a089d64c3fe4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@<jEYU ]Ɋ& !jEYU< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=efc794a7-5f76-4076-879e-8914d7bdd128 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f54eb99c-4d18-4c93-ac5b-a089d64c3fe4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X=-[U ]Ɋ& !X-[U= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f712e6b4-4067-4725-847e-3bf251791c23 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p>-[U ]Ɋ& !X-[U> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f712e6b4-4067-4725-847e-3bf251791c23 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**h?-[U ]Ɋ& !X-[U? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f712e6b4-4067-4725-847e-3bf251791c23 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`@-[U ]Ɋ& !X-[U@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f712e6b4-4067-4725-847e-3bf251791c23 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`A-[U ]Ɋ& !X-[UA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f712e6b4-4067-4725-847e-3bf251791c23 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hB-[U ]Ɋ& !X-[UB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f712e6b4-4067-4725-847e-3bf251791c23 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h ]Ɋ& XoS-[UElfChnkCsCsln wMu=VysMc&&**C-[U ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !-[UC F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f712e6b4-4067-4725-847e-3bf251791c23 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f2fd4349-e511-4eca-84bb-98213058a0d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**D-[U ]Ɋ& !-[UD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f712e6b4-4067-4725-847e-3bf251791c23 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f2fd4349-e511-4eca-84bb-98213058a0d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8Eħ[U ]Ɋ& !Xħ[UE F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4c11ce01-f267-4171-8850-9383e3824756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PFħ[U ]Ɋ& !Xħ[UF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4c11ce01-f267-4171-8850-9383e3824756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**PGħ[U ]Ɋ& !Xħ[UG F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4c11ce01-f267-4171-8850-9383e3824756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**P**HHħ[U ]Ɋ& !Xħ[UH F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4c11ce01-f267-4171-8850-9383e3824756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**HIħ[U ]Ɋ& !Xħ[UI F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4c11ce01-f267-4171-8850-9383e3824756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**HJħ[U ]Ɋ& !Xħ[UJ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4c11ce01-f267-4171-8850-9383e3824756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**Kħ[U ]Ɋ& !ħ[UK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4c11ce01-f267-4171-8850-9383e3824756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b7a4d06a-27bc-4479-aa69-3172cff32327 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLi**Lħ[U ]Ɋ& !ħ[UL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4c11ce01-f267-4171-8850-9383e3824756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b7a4d06a-27bc-4479-aa69-3172cff32327 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**XMħ[U ]Ɋ& !Xħ[UM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=28b7f5b5-8fc7-42f8-8f62-cf99736758ae HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNamX**pNħ[U ]Ɋ& !Xħ[UN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=28b7f5b5-8fc7-42f8-8f62-cf99736758ae HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**hOħ[U ]Ɋ& !Xħ[UO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=28b7f5b5-8fc7-42f8-8f62-cf99736758ae HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**`Pħ[U ]Ɋ& !Xħ[UP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=28b7f5b5-8fc7-42f8-8f62-cf99736758ae HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca`**`Qħ[U ]Ɋ& !Xħ[UQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=28b7f5b5-8fc7-42f8-8f62-cf99736758ae HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`Rħ[U ]Ɋ& !Xħ[UR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=28b7f5b5-8fc7-42f8-8f62-cf99736758ae HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**SZ@\U ]Ɋ& !Z@\US F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=28b7f5b5-8fc7-42f8-8f62-cf99736758ae HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d7c59bd-0099-4bf6-b01d-37b371ba9ae4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**TZ@\U ]Ɋ& !Z@\UT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=28b7f5b5-8fc7-42f8-8f62-cf99736758ae HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d7c59bd-0099-4bf6-b01d-37b371ba9ae4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(UZ@\U ]Ɋ& !XZ@\UU F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=27b21ea8-90fc-402a-8020-3ffaf2cb3198 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@VZ@\U ]Ɋ& !XZ@\UV F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=27b21ea8-90fc-402a-8020-3ffaf2cb3198 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@WZ@\U ]Ɋ& !XZ@\UW F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=27b21ea8-90fc-402a-8020-3ffaf2cb3198 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da@**8XZ@\U ]Ɋ& !XZ@\UX F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=27b21ea8-90fc-402a-8020-3ffaf2cb3198 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on\8**8YZ@\U ]Ɋ& !XZ@\UY F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=27b21ea8-90fc-402a-8020-3ffaf2cb3198 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver8**8ZZ@\U ]Ɋ& !XZ@\UZ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=27b21ea8-90fc-402a-8020-3ffaf2cb3198 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**[Z@\U ]Ɋ& !Z@\U[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=27b21ea8-90fc-402a-8020-3ffaf2cb3198 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ac277ed4-d766-4564-b8a0-8b8d893d277d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri**\\U ]Ɋ& !\U\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=27b21ea8-90fc-402a-8020-3ffaf2cb3198 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ac277ed4-d766-4564-b8a0-8b8d893d277d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | O**X]K;_U ]Ɋ& !XK;_U] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b9b9bd2a-2d59-48d7-a3f4-5c823e30a4bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p^K;_U ]Ɋ& !XK;_U^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b9b9bd2a-2d59-48d7-a3f4-5c823e30a4bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**p_K;_U ]Ɋ& !XK;_U_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b9b9bd2a-2d59-48d7-a3f4-5c823e30a4bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fo]p**h`K;_U ]Ɋ& !XK;_U` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b9b9bd2a-2d59-48d7-a3f4-5c823e30a4bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**haK;_U ]Ɋ& !XK;_Ua F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b9b9bd2a-2d59-48d7-a3f4-5c823e30a4bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**hbK;_U ]Ɋ& !XK;_Ub F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b9b9bd2a-2d59-48d7-a3f4-5c823e30a4bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Coh**cK;_U ]Ɋ&  !K;_Uc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b9b9bd2a-2d59-48d7-a3f4-5c823e30a4bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8b1f281d-d7e3-4037-834e-d67485dbd914 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**d_U ]Ɋ& !_Ud F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b9b9bd2a-2d59-48d7-a3f4-5c823e30a4bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8b1f281d-d7e3-4037-834e-d67485dbd914 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**e_U ]Ɋ& '!X_Ue F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=57105530-cbb9-4e53-9d34-4e6be7c5ee31 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**f_U ]Ɋ& ?!X_Uf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=57105530-cbb9-4e53-9d34-4e6be7c5ee31 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**g_U ]Ɋ& ;!X_Ug F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=57105530-cbb9-4e53-9d34-4e6be7c5ee31 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as**h_U ]Ɋ& 3!X_Uh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=57105530-cbb9-4e53-9d34-4e6be7c5ee31 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ing**i_U ]Ɋ& 3!X_Ui F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=57105530-cbb9-4e53-9d34-4e6be7c5ee31 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art**j_U ]Ɋ& 5!X_Uj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=57105530-cbb9-4e53-9d34-4e6be7c5ee31 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=65**0k_U ]Ɋ& !_Uk F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=57105530-cbb9-4e53-9d34-4e6be7c5ee31 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2050e0cf-4ff4-4534-b06c-45e80087a3ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@lxl`U ]Ɋ& !xl`Ul F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=57105530-cbb9-4e53-9d34-4e6be7c5ee31 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2050e0cf-4ff4-4534-b06c-45e80087a3ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c93-@**mxl6X ]Ɋ& )!Xxl6Xm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7c58f91a-acdb-4df7-8c72-32b0936227aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**nxl6X ]Ɋ& A!Xxl6Xn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7c58f91a-acdb-4df7-8c72-32b0936227aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**oxl6X ]Ɋ& =!Xxl6Xo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7c58f91a-acdb-4df7-8c72-32b0936227aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=25**pxl6X ]Ɋ& 5!Xxl6Xp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7c58f91a-acdb-4df7-8c72-32b0936227aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**qxl6X ]Ɋ& 5!Xxl6Xq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7c58f91a-acdb-4df7-8c72-32b0936227aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**rxl6X ]Ɋ& 7!Xxl6Xr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7c58f91a-acdb-4df7-8c72-32b0936227aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0sxl6X ]Ɋ& !xl6Xs F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7c58f91a-acdb-4df7-8c72-32b0936227aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae05385f-4352-4566-b3ba-59d344564eb0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 XoS-[UElfChnkttXQMu=VysMc&&**@t6X ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!6Xt F&F%g>9{p(xlMD EventDatauoData !BinarypStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7c58f91a-acdb-4df7-8c72-32b0936227aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae05385f-4352-4566-b3ba-59d344564eb0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xu6X ]Ɋ& !X6Xu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b98ce8db-eb21-4bef-8dd5-20a2fd86eac3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ecaX**pv6X ]Ɋ& !X6Xv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b98ce8db-eb21-4bef-8dd5-20a2fd86eac3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linp**hw6X ]Ɋ& !X6Xw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b98ce8db-eb21-4bef-8dd5-20a2fd86eac3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`x6X ]Ɋ& !X6Xx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b98ce8db-eb21-4bef-8dd5-20a2fd86eac3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`y6X ]Ɋ& !X6Xy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b98ce8db-eb21-4bef-8dd5-20a2fd86eac3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**hz6X ]Ɋ& !X6Xz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b98ce8db-eb21-4bef-8dd5-20a2fd86eac3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**{6X ]Ɋ&  !6X{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b98ce8db-eb21-4bef-8dd5-20a2fd86eac3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c7c5f468-9a9a-49bb-b919-2f4618f160c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**|6X ]Ɋ& !6X| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b98ce8db-eb21-4bef-8dd5-20a2fd86eac3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c7c5f468-9a9a-49bb-b919-2f4618f160c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8};66X ]Ɋ& !X;66X} F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e9e21fbd-b5c2-4d96-8e4f-17f9e8b9a69b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma8**P~;66X ]Ɋ& !X;66X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e9e21fbd-b5c2-4d96-8e4f-17f9e8b9a69b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**P;66X ]Ɋ& !X;66X F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e9e21fbd-b5c2-4d96-8e4f-17f9e8b9a69b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComP**H;66X ]Ɋ& !X;66X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e9e21fbd-b5c2-4d96-8e4f-17f9e8b9a69b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= H**H;66X ]Ɋ& !X;66X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e9e21fbd-b5c2-4d96-8e4f-17f9e8b9a69b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**H;66X ]Ɋ& !X;66X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e9e21fbd-b5c2-4d96-8e4f-17f9e8b9a69b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**;66X ]Ɋ& !;66X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e9e21fbd-b5c2-4d96-8e4f-17f9e8b9a69b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=76da4c5f-40dc-42c1-94b7-ba27264f5df3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sc**;66X ]Ɋ& !;66X F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e9e21fbd-b5c2-4d96-8e4f-17f9e8b9a69b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=76da4c5f-40dc-42c1-94b7-ba27264f5df3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=y**X;66X ]Ɋ& !X;66X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=67c4f4a9-28d0-4541-8f19-2379a261b9ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-37bX**p;66X ]Ɋ& !X;66X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=67c4f4a9-28d0-4541-8f19-2379a261b9ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**h;66X ]Ɋ& !X;66X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=67c4f4a9-28d0-4541-8f19-2379a261b9ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;eh**`;66X ]Ɋ& !X;66X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=67c4f4a9-28d0-4541-8f19-2379a261b9ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c-`**`;66X ]Ɋ& !X;66X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=67c4f4a9-28d0-4541-8f19-2379a261b9ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP`**`;66X ]Ɋ& !X;66X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=67c4f4a9-28d0-4541-8f19-2379a261b9ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**;66X ]Ɋ& !;66X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=67c4f4a9-28d0-4541-8f19-2379a261b9ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=600f4cac-bbab-4d35-a698-8999d3942381 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**;66X ]Ɋ& !;66X F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=67c4f4a9-28d0-4541-8f19-2379a261b9ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=600f4cac-bbab-4d35-a698-8999d3942381 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(μ6X ]Ɋ& !Xμ6X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=808f50ad-8a18-42bc-b96c-7627d2d9e67a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R(**@μ6X ]Ɋ& !Xμ6X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=808f50ad-8a18-42bc-b96c-7627d2d9e67a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e@**@μ6X ]Ɋ& !Xμ6X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=808f50ad-8a18-42bc-b96c-7627d2d9e67a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8μ6X ]Ɋ& !Xμ6X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=808f50ad-8a18-42bc-b96c-7627d2d9e67a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TWA8**8μ6X ]Ɋ& !Xμ6X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=808f50ad-8a18-42bc-b96c-7627d2d9e67a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=8**8μ6X ]Ɋ& !Xμ6X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=808f50ad-8a18-42bc-b96c-7627d2d9e67a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**μ6X ]Ɋ& !μ6X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=808f50ad-8a18-42bc-b96c-7627d2d9e67a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a27c875a-1ad6-4189-b4b1-77306917576c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **hg6X ]Ɋ& !hg6X F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=808f50ad-8a18-42bc-b96c-7627d2d9e67a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a27c875a-1ad6-4189-b4b1-77306917576c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ture**X6X ]Ɋ& !X6X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0322e626-8a06-40c0-8418-241494c39e40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**p6X ]Ɋ& !X6X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0322e626-8a06-40c0-8418-241494c39e40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**p6X ]Ɋ& !X6X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0322e626-8a06-40c0-8418-241494c39e40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, p**h6X ]Ɋ& !X6X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0322e626-8a06-40c0-8418-241494c39e40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en-h**h6X ]Ɋ& !X6X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0322e626-8a06-40c0-8418-241494c39e40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Deh**h6X ]Ɋ& !X6X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0322e626-8a06-40c0-8418-241494c39e40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amh**6X ]Ɋ&  !6X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0322e626-8a06-40c0-8418-241494c39e40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=035c63b1-1767-457c-9b22-2f3fe8ebcea6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**6X ]Ɋ& !6X F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0322e626-8a06-40c0-8418-241494c39e40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=035c63b1-1767-457c-9b22-2f3fe8ebcea6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**6X ]Ɋ& '!X6X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=35db3f18-fd68-4363-b010-4049cc81fad0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**6X ]Ɋ& ?!X6X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=35db3f18-fd68-4363-b010-4049cc81fad0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**6X ]Ɋ& ;!X6X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=35db3f18-fd68-4363-b010-4049cc81fad0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**6X ]Ɋ& 3!X6X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=35db3f18-fd68-4363-b010-4049cc81fad0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pro**6X ]Ɋ& 3!X6X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=35db3f18-fd68-4363-b010-4049cc81fad0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**6X ]Ɋ& 5!X6X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=35db3f18-fd68-4363-b010-4049cc81fad0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **06X ]Ɋ& !6X F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=35db3f18-fd68-4363-b010-4049cc81fad0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0342a6f2-1965-44ed-9ed9-34584d1a48d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os,6X F&on=4.0 HostId=7c58f91a-acdb-4df7-8c72-32b0936227aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae05385f-4352-4566-b3ba-59d344564eb0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 XoS-[UElfChnk%N_[Mu=VysMc&&**@ ,6X ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !!,6X F&F%g>9{p(xlMD EventDatauoData !BinarynStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=35db3f18-fd68-4363-b010-4049cc81fad0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0342a6f2-1965-44ed-9ed9-34584d1a48d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@ **Z ]Ɋ& )!XZ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=697ba8bc-3144-498e-b78c-d598d4031e85 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=3 **Z ]Ɋ& A!XZ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=697ba8bc-3144-498e-b78c-d598d4031e85 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNa**Z ]Ɋ& =!XZ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=697ba8bc-3144-498e-b78c-d598d4031e85 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Z ]Ɋ& 5!XZ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=697ba8bc-3144-498e-b78c-d598d4031e85 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Z ]Ɋ& 5!XZ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=697ba8bc-3144-498e-b78c-d598d4031e85 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**Z ]Ɋ& 7!XZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=697ba8bc-3144-498e-b78c-d598d4031e85 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0lZ ]Ɋ& !lZ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=697ba8bc-3144-498e-b78c-d598d4031e85 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c1610774-3b3b-4d43-bf7c-407b3db9e540 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@BZ ]Ɋ& !BZ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=697ba8bc-3144-498e-b78c-d598d4031e85 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c1610774-3b3b-4d43-bf7c-407b3db9e540 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**X/sZ ]Ɋ& !X/sZ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e32fb4ad-96b3-47db-a940-db2df2ef13fa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**p/sZ ]Ɋ& !X/sZ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e32fb4ad-96b3-47db-a940-db2df2ef13fa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**h/sZ ]Ɋ& !X/sZ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e32fb4ad-96b3-47db-a940-db2df2ef13fa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`/sZ ]Ɋ& !X/sZ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e32fb4ad-96b3-47db-a940-db2df2ef13fa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`/sZ ]Ɋ& !X/sZ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e32fb4ad-96b3-47db-a940-db2df2ef13fa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h/sZ ]Ɋ& !X/sZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e32fb4ad-96b3-47db-a940-db2df2ef13fa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**/sZ ]Ɋ&  !/sZ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e32fb4ad-96b3-47db-a940-db2df2ef13fa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=af000d66-5a24-4a2b-867d-a5a4ccf49a72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **/sZ ]Ɋ& !/sZ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e32fb4ad-96b3-47db-a940-db2df2ef13fa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=af000d66-5a24-4a2b-867d-a5a4ccf49a72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8 Z ]Ɋ& !X Z F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=501dfb72-f62b-458d-ab61-08d6c9dd4d23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**P Z ]Ɋ& !X Z F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=501dfb72-f62b-458d-ab61-08d6c9dd4d23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**P Z ]Ɋ& !X Z F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=501dfb72-f62b-458d-ab61-08d6c9dd4d23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**H Z ]Ɋ& !X Z F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=501dfb72-f62b-458d-ab61-08d6c9dd4d23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**H Z ]Ɋ& !X Z F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=501dfb72-f62b-458d-ab61-08d6c9dd4d23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**H Z ]Ɋ& !X Z F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=501dfb72-f62b-458d-ab61-08d6c9dd4d23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH** Z ]Ɋ& ! Z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=501dfb72-f62b-458d-ab61-08d6c9dd4d23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b3c3d8fa-f6b7-4f9e-b562-a32522aed4fb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft** Z ]Ɋ& ! Z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=501dfb72-f62b-458d-ab61-08d6c9dd4d23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b3c3d8fa-f6b7-4f9e-b562-a32522aed4fb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**XZ ]Ɋ& !XZ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2a9da087-5509-4901-822b-cdf669d222ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**pZ ]Ɋ& !XZ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2a9da087-5509-4901-822b-cdf669d222ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**hZ ]Ɋ& !XZ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2a9da087-5509-4901-822b-cdf669d222ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`Z ]Ɋ& !XZ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2a9da087-5509-4901-822b-cdf669d222ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`Z ]Ɋ& !XZ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2a9da087-5509-4901-822b-cdf669d222ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`Z ]Ɋ& !XZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2a9da087-5509-4901-822b-cdf669d222ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**MZ ]Ɋ& !MZ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2a9da087-5509-4901-822b-cdf669d222ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=82888bc9-d272-4d73-8209-0bca7daa798c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**MZ ]Ɋ& !MZ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2a9da087-5509-4901-822b-cdf669d222ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=82888bc9-d272-4d73-8209-0bca7daa798c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(Z ]Ɋ& !XZ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6f1b98fc-ec87-4044-8b35-1d3f49eb54cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c(**@Z ]Ɋ& !XZ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6f1b98fc-ec87-4044-8b35-1d3f49eb54cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@Z ]Ɋ& !XZ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6f1b98fc-ec87-4044-8b35-1d3f49eb54cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8Z ]Ɋ& !XZ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6f1b98fc-ec87-4044-8b35-1d3f49eb54cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8Z ]Ɋ& !XZ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6f1b98fc-ec87-4044-8b35-1d3f49eb54cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8Z ]Ɋ& !XZ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6f1b98fc-ec87-4044-8b35-1d3f49eb54cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**Z ]Ɋ& !Z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6f1b98fc-ec87-4044-8b35-1d3f49eb54cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a5c0e174-9ecd-4a1e-9576-ab2c12a889a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**.Z ]Ɋ& !.Z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6f1b98fc-ec87-4044-8b35-1d3f49eb54cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a5c0e174-9ecd-4a1e-9576-ab2c12a889a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**X#Z ]Ɋ& !X#Z F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=678448a9-bb5d-4d61-b86c-c26e54a4362c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p#Z ]Ɋ& !X#Z F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=678448a9-bb5d-4d61-b86c-c26e54a4362c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p#Z ]Ɋ& !X#Z F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=678448a9-bb5d-4d61-b86c-c26e54a4362c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**h#Z ]Ɋ& !X#Z F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=678448a9-bb5d-4d61-b86c-c26e54a4362c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**h#Z ]Ɋ& !X#Z F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=678448a9-bb5d-4d61-b86c-c26e54a4362c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9cch**h#Z ]Ɋ& !X#Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=678448a9-bb5d-4d61-b86c-c26e54a4362c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**#Z ]Ɋ&  !#Z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=678448a9-bb5d-4d61-b86c-c26e54a4362c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5fd315b0-1a41-4faa-844b-05539cb6d20f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6629de71-126c-4653-a197-abf93f02edb7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt **TZ ]Ɋ& ;!XTZ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6629de71-126c-4653-a197-abf93f02edb7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**TZ ]Ɋ& 3!XTZ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6629de71-126c-4653-a197-abf93f02edb7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma**TZ ]Ɋ& 3!XTZ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6629de71-126c-4653-a197-abf93f02edb7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0**TZ ]Ɋ& 5!XTZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6629de71-126c-4653-a197-abf93f02edb7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0TZ ]Ɋ& !TZ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6629de71-126c-4653-a197-abf93f02edb7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4702cac4-53f2-426f-bfee-3c55d1c08bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI0**@iZ ]Ɋ& !iZ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6629de71-126c-4653-a197-abf93f02edb7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4702cac4-53f2-426f-bfee-3c55d1c08bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**V\ ]Ɋ& )!XV\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a3979c6e-2187-46e9-b988-8f7347643992 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**V\ ]Ɋ& A!XV\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a3979c6e-2187-46e9-b988-8f7347643992 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ntiv**V\ ]Ɋ& =!XV\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a3979c6e-2187-46e9-b988-8f7347643992 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**V\ ]Ɋ& 5!XV\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a3979c6e-2187-46e9-b988-8f7347643992 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b4**V\ ]Ɋ& 5!XV\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a3979c6e-2187-46e9-b988-8f7347643992 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um**V\ ]Ɋ& 7!XV\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a3979c6e-2187-46e9-b988-8f7347643992 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0V\ ]Ɋ& !V\ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a3979c6e-2187-46e9-b988-8f7347643992 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7a93a29b-8be2-4088-9fba-e9461b010a2a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@#W\ ]Ɋ& !#W\ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a3979c6e-2187-46e9-b988-8f7347643992 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7a93a29b-8be2-4088-9fba-e9461b010a2a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= @**XTX\ ]Ɋ& !XTX\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4d9c3ac2-0f28-41f1-8340-c32ea3658077 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==X**pTX\ ]Ɋ& !XTX\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4d9c3ac2-0f28-41f1-8340-c32ea3658077 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**hTX\ ]Ɋ& !XTX\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4d9c3ac2-0f28-41f1-8340-c32ea3658077 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`TX\ ]Ɋ& !XTX\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4d9c3ac2-0f28-41f1-8340-c32ea3658077 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`TX\ ]Ɋ& !XTX\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4d9c3ac2-0f28-41f1-8340-c32ea3658077 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hTX\ ]Ɋ& !XTX\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4d9c3ac2-0f28-41f1-8340-c32ea3658077 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**TX\ ]Ɋ&  !TX\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4d9c3ac2-0f28-41f1-8340-c32ea3658077 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=07eeb529-d4bf-4669-9153-5d0f7a767208 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ÿ**SX\ ]Ɋ& !SX\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4d9c3ac2-0f28-41f1-8340-c32ea3658077 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=07eeb529-d4bf-4669-9153-5d0f7a767208 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8SX\ ]Ɋ& !XSX\ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=84eb6298-0342-4695-ae89-ff535589ee75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PSX\ ]Ɋ& !XSX\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=84eb6298-0342-4695-ae89-ff535589ee75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PSX\ ]Ɋ& !XSX\ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=84eb6298-0342-4695-ae89-ff535589ee75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HSX\ ]Ɋ& !XSX\ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=84eb6298-0342-4695-ae89-ff535589ee75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HSX\ ]Ɋ& !XSX\ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=84eb6298-0342-4695-ae89-ff535589ee75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HSX\ ]Ɋ& !XSX\ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=84eb6298-0342-4695-ae89-ff535589ee75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**SX\ ]Ɋ& !SX\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=84eb6298-0342-4695-ae89-ff535589ee75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b7573cb8-ae4c-4214-9f4b-adf9d37126a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****Y\ ]Ɋ& !Y\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=84eb6298-0342-4695-ae89-ff535589ee75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b7573cb8-ae4c-4214-9f4b-adf9d37126a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**XY\ ]Ɋ& !XY\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=620677b0-56c4-46b6-8185-312e3febda82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginX**pY\ ]Ɋ& !XY\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=620677b0-56c4-46b6-8185-312e3febda82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**hY\ ]Ɋ& !XY\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=620677b0-56c4-46b6-8185-312e3febda82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leh**`Y\ ]Ɋ& !XY\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=620677b0-56c4-46b6-8185-312e3febda82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H`**`Y\ ]Ɋ& !XY\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=620677b0-56c4-46b6-8185-312e3febda82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`Y\ ]Ɋ& !XY\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=620677b0-56c4-46b6-8185-312e3febda82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**Y\ ]Ɋ& !Y\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=620677b0-56c4-46b6-8185-312e3febda82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e2f701f9-0709-4b51-832a-fb0cd4f0aa7f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**Y\ ]Ɋ& !Y\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=620677b0-56c4-46b6-8185-312e3febda82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e2f701f9-0709-4b51-832a-fb0cd4f0aa7f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**(Z\ ]Ɋ& !XZ\ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=656661cd-37ce-48e8-99c2-5aaaaea1f802 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@Z\ ]Ɋ& !XZ\ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=656661cd-37ce-48e8-99c2-5aaaaea1f802 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l@**@Z\ ]Ɋ& !XZ\ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=656661cd-37ce-48e8-99c2-5aaaaea1f802 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= en@**8Z\ ]Ɋ& !XZ\ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=656661cd-37ce-48e8-99c2-5aaaaea1f802 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8Z\ ]Ɋ& !XZ\ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=656661cd-37ce-48e8-99c2-5aaaaea1f802 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=#8**8Z\ ]Ɋ& !XZ\ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=656661cd-37ce-48e8-99c2-5aaaaea1f802 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**Z\ ]Ɋ& !Z\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=656661cd-37ce-48e8-99c2-5aaaaea1f802 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=accf83fb-7cd2-4c64-b7d2-01b77ce83845 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='i**Z\ ]Ɋ& !Z\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=656661cd-37ce-48e8-99c2-5aaaaea1f802 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=accf83fb-7cd2-4c64-b7d2-01b77ce83845 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | f**Xڀ\\ ]Ɋ& !Xڀ\\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=50c50488-6609-46f4-ac59-fe095f6676e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pڀ\\ ]Ɋ& !Xڀ\\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=50c50488-6609-46f4-ac59-fe095f6676e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=op**pڀ\\ ]Ɋ& !Xڀ\\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=50c50488-6609-46f4-ac59-fe095f6676e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,Dp**hڀ\\ ]Ɋ& !Xڀ\\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=50c50488-6609-46f4-ac59-fe095f6676e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nabhd | Out-Stri ]Ɋ& d=Xڀ\\  F&4564eb0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 XoS-[UElfChnk ; ;ꩡןMu=VysMc&&**h ڀ\\ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!Xڀ\\  F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=50c50488-6609-46f4-ac59-fe095f6676e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **h ڀ\\ ]Ɋ& !Xڀ\\  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=50c50488-6609-46f4-ac59-fe095f6676e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh** ڀ\\ ]Ɋ&  !ڀ\\  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=50c50488-6609-46f4-ac59-fe095f6676e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5601e6ab-602b-4c76-a391-7e2056b63525 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H** p]\ ]Ɋ& !p]\  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=50c50488-6609-46f4-ac59-fe095f6676e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5601e6ab-602b-4c76-a391-7e2056b63525 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name** ]\ ]Ɋ& '!X]\  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=56aca2c9-b43f-424a-b33d-f658196aef91 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**]\ ]Ɋ& ?!X]\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=56aca2c9-b43f-424a-b33d-f658196aef91 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**]\ ]Ɋ& ;!X]\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=56aca2c9-b43f-424a-b33d-f658196aef91 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f73**]\ ]Ɋ& 3!X]\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=56aca2c9-b43f-424a-b33d-f658196aef91 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**]\ ]Ɋ& 3!X]\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=56aca2c9-b43f-424a-b33d-f658196aef91 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=347**]\ ]Ɋ& 5!X]\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=56aca2c9-b43f-424a-b33d-f658196aef91 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0]\ ]Ɋ& !]\ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=56aca2c9-b43f-424a-b33d-f658196aef91 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=81cacc17-ce6b-4b25-9122-ea4434c93add PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@J^\ ]Ɋ& !J^\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=56aca2c9-b43f-424a-b33d-f658196aef91 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=81cacc17-ce6b-4b25-9122-ea4434c93add PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**G)5I_ ]Ɋ& )!XG)5I_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=41eb56dd-5eb2-4564-9231-65917c61e173 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **G)5I_ ]Ɋ& A!XG)5I_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=41eb56dd-5eb2-4564-9231-65917c61e173 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**G)5I_ ]Ɋ& =!XG)5I_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=41eb56dd-5eb2-4564-9231-65917c61e173 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**G)5I_ ]Ɋ& 5!XG)5I_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=41eb56dd-5eb2-4564-9231-65917c61e173 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**G)5I_ ]Ɋ& 5!XG)5I_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=41eb56dd-5eb2-4564-9231-65917c61e173 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**G)5I_ ]Ɋ& 7!XG)5I_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=41eb56dd-5eb2-4564-9231-65917c61e173 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0G)5I_ ]Ɋ& !G)5I_ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=41eb56dd-5eb2-4564-9231-65917c61e173 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=626cb139-3689-4734-a6ad-2b46f37f2d9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@tZ6I_ ]Ɋ& !tZ6I_ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=41eb56dd-5eb2-4564-9231-65917c61e173 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=626cb139-3689-4734-a6ad-2b46f37f2d9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**X 6I_ ]Ɋ& !X 6I_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e0f5830d-5d5a-48a9-81a7-d5c7e99a539d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p 6I_ ]Ɋ& !X 6I_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e0f5830d-5d5a-48a9-81a7-d5c7e99a539d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**h 6I_ ]Ɋ& !X 6I_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e0f5830d-5d5a-48a9-81a7-d5c7e99a539d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**` 6I_ ]Ɋ& !X 6I_  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e0f5830d-5d5a-48a9-81a7-d5c7e99a539d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`! 6I_ ]Ɋ& !X 6I_! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e0f5830d-5d5a-48a9-81a7-d5c7e99a539d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**h" 6I_ ]Ɋ& !X 6I_" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e0f5830d-5d5a-48a9-81a7-d5c7e99a539d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**# 6I_ ]Ɋ&  ! 6I_# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e0f5830d-5d5a-48a9-81a7-d5c7e99a539d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ee59ac12-102c-42e4-a86c-fe4c5cfbd3f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**$ 6I_ ]Ɋ& ! 6I_$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e0f5830d-5d5a-48a9-81a7-d5c7e99a539d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ee59ac12-102c-42e4-a86c-fe4c5cfbd3f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8%7I_ ]Ɋ& !X7I_% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=40484ad4-9a9d-4d45-aff3-7175368cec49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**P&7I_ ]Ɋ& !X7I_& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=40484ad4-9a9d-4d45-aff3-7175368cec49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P'7I_ ]Ɋ& !X7I_' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=40484ad4-9a9d-4d45-aff3-7175368cec49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**H(7I_ ]Ɋ& !X7I_( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=40484ad4-9a9d-4d45-aff3-7175368cec49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**H)7I_ ]Ɋ& !X7I_) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=40484ad4-9a9d-4d45-aff3-7175368cec49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**H*7I_ ]Ɋ& !X7I_* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=40484ad4-9a9d-4d45-aff3-7175368cec49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**+7I_ ]Ɋ& !7I_+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=40484ad4-9a9d-4d45-aff3-7175368cec49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=85aa62fa-4302-4a19-9ab2-cf2d588d460c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**,7I_ ]Ɋ& !7I_, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=40484ad4-9a9d-4d45-aff3-7175368cec49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=85aa62fa-4302-4a19-9ab2-cf2d588d460c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X-7I_ ]Ɋ& !X7I_- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=07bc672f-32f4-4d66-95d0-480cacc9405b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**p.7I_ ]Ɋ& !X7I_. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=07bc672f-32f4-4d66-95d0-480cacc9405b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**h/7I_ ]Ɋ& !X7I_/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=07bc672f-32f4-4d66-95d0-480cacc9405b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`07I_ ]Ɋ& !X7I_0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=07bc672f-32f4-4d66-95d0-480cacc9405b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`17I_ ]Ɋ& !X7I_1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=07bc672f-32f4-4d66-95d0-480cacc9405b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`27I_ ]Ɋ& !X7I_2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07bc672f-32f4-4d66-95d0-480cacc9405b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**38$8I_ ]Ɋ& !8$8I_3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=07bc672f-32f4-4d66-95d0-480cacc9405b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4c763ee-83fd-40db-bb8c-ba2632072c02 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**48$8I_ ]Ɋ& !8$8I_4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=07bc672f-32f4-4d66-95d0-480cacc9405b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4c763ee-83fd-40db-bb8c-ba2632072c02 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(58$8I_ ]Ɋ& !X8$8I_5 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d3ae828b-abf5-4b9d-92bc-f0038ec0ec3f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@68$8I_ ]Ɋ& !X8$8I_6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d3ae828b-abf5-4b9d-92bc-f0038ec0ec3f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@78$8I_ ]Ɋ& !X8$8I_7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d3ae828b-abf5-4b9d-92bc-f0038ec0ec3f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@**888$8I_ ]Ɋ& !X8$8I_8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d3ae828b-abf5-4b9d-92bc-f0038ec0ec3f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da8**898$8I_ ]Ɋ& !X8$8I_9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d3ae828b-abf5-4b9d-92bc-f0038ec0ec3f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\Un8**8:8$8I_ ]Ɋ& !X8$8I_: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d3ae828b-abf5-4b9d-92bc-f0038ec0ec3f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on8**;8$8I_ ]Ɋ& !8$8I_; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d3ae828b-abf5-4b9d-92bc-f0038ec0ec3f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8f6f63e7-d222-4a58-a8b7-643b773848c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id CommandNam ]Ɋ&  μ8I_< F&oS-[UElfChnk<m<mpxMu=VysMc&&** <μ8I_ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! y!μ8I_< F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d3ae828b-abf5-4b9d-92bc-f0038ec0ec3f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8f6f63e7-d222-4a58-a8b7-643b773848c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X=:I_ ]Ɋ& !X:I_= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f8bcaba2-16fd-486b-88dc-0fc0a7de130e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sX**p>:I_ ]Ɋ& !X:I_> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f8bcaba2-16fd-486b-88dc-0fc0a7de130e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**p?:I_ ]Ɋ& !X:I_? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f8bcaba2-16fd-486b-88dc-0fc0a7de130e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izep**h@:I_ ]Ɋ& !X:I_@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f8bcaba2-16fd-486b-88dc-0fc0a7de130e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**hA:I_ ]Ɋ& !X:I_A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f8bcaba2-16fd-486b-88dc-0fc0a7de130e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**hB:I_ ]Ɋ& !X:I_B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f8bcaba2-16fd-486b-88dc-0fc0a7de130e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]h**C:I_ ]Ɋ&  !:I_C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f8bcaba2-16fd-486b-88dc-0fc0a7de130e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=db9832bd-bc83-45da-8ef6-1d980af6ef53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**D(;I_ ]Ɋ& !(;I_D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f8bcaba2-16fd-486b-88dc-0fc0a7de130e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=db9832bd-bc83-45da-8ef6-1d980af6ef53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**E;I_ ]Ɋ& '!X;I_E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=79305533-7d20-4b2e-9db6-c726adaf47a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4**F;I_ ]Ɋ& ?!X;I_F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=79305533-7d20-4b2e-9db6-c726adaf47a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1**G;I_ ]Ɋ& ;!X;I_G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=79305533-7d20-4b2e-9db6-c726adaf47a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta**H;I_ ]Ɋ& 3!X;I_H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=79305533-7d20-4b2e-9db6-c726adaf47a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**I;I_ ]Ɋ& 3!X;I_I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=79305533-7d20-4b2e-9db6-c726adaf47a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ate**J;I_ ]Ɋ& 5!X;I_J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=79305533-7d20-4b2e-9db6-c726adaf47a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**0K;I_ ]Ɋ& !;I_K F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=79305533-7d20-4b2e-9db6-c726adaf47a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a841badc-9759-42ab-9f0f-9e90a0dcbb23 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st0**@L9{p(xlMD EventDatauoData !BinarytEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1154d0b9-7d7e-4b24-ae0e-723c9729a79f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptH **@od0a ]Ɋ& !Xd0ao F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1154d0b9-7d7e-4b24-ae0e-723c9729a79f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIn@**8pd0a ]Ɋ& !Xd0ap F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1154d0b9-7d7e-4b24-ae0e-723c9729a79f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=isp8**8qd0a ]Ɋ& !Xd0aq F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1154d0b9-7d7e-4b24-ae0e-723c9729a79f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8rd0a ]Ɋ& !Xd0ar F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1154d0b9-7d7e-4b24-ae0e-723c9729a79f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc8**sd0a ]Ɋ& !d0as F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1154d0b9-7d7e-4b24-ae0e-723c9729a79f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c71be44f-ef9b-4229-8d7c-06112b82db40 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**td0a ]Ɋ& !d0at F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1154d0b9-7d7e-4b24-ae0e-723c9729a79f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c71be44f-ef9b-4229-8d7c-06112b82db40 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNa**Xu'2a ]Ɋ& !X'2au F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5357cf2e-dcc8-4e1d-b660-33f7af700c63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pv'2a ]Ɋ& !X'2av F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5357cf2e-dcc8-4e1d-b660-33f7af700c63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**pw'2a ]Ɋ& !X'2aw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5357cf2e-dcc8-4e1d-b660-33f7af700c63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b98p**hx'2a ]Ɋ& !X'2ax F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5357cf2e-dcc8-4e1d-b660-33f7af700c63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**hy'2a ]Ɋ& !X'2ay F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5357cf2e-dcc8-4e1d-b660-33f7af700c63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;h**hz'2a ]Ɋ& !X'2az F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5357cf2e-dcc8-4e1d-b660-33f7af700c63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**{'2a ]Ɋ&  !'2a{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5357cf2e-dcc8-4e1d-b660-33f7af700c63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6e1f8fff-56f5-4dee-9ebd-a2ee45997158 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**|_3a ]Ɋ& !_3a| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5357cf2e-dcc8-4e1d-b660-33f7af700c63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6e1f8fff-56f5-4dee-9ebd-a2ee45997158 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wers**}_3a ]Ɋ& '!X_3a} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a9ced7f9-b3bc-412b-9473-fbed735a2f56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**~_3a ]Ɋ& ?!X_3a~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a9ced7f9-b3bc-412b-9473-fbed735a2f56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7**_3a ]Ɋ& ;!X_3a F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a9ced7f9-b3bc-412b-9473-fbed735a2f56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**_3a ]Ɋ& 3!X_3a F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a9ced7f9-b3bc-412b-9473-fbed735a2f56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**_3a ]Ɋ& 3!X_3a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a9ced7f9-b3bc-412b-9473-fbed735a2f56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**_3a ]Ɋ& 5!X_3a F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a9ced7f9-b3bc-412b-9473-fbed735a2f56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0_3a ]Ɋ& !_3a F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a9ced7f9-b3bc-412b-9473-fbed735a2f56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b0eaf9d2-1edf-4ecc-8f24-772c3ddd013b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ea0**@4a ]Ɋ& !4a F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a9ced7f9-b3bc-412b-9473-fbed735a2f56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b0eaf9d2-1edf-4ecc-8f24-772c3ddd013b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**sc ]Ɋ& )!Xsc F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4ea29db8-0535-48f9-970b-985b0bf63133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam**sc ]Ɋ& A!Xsc F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4ea29db8-0535-48f9-970b-985b0bf63133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**sc ]Ɋ& =!Xsc F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4ea29db8-0535-48f9-970b-985b0bf63133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= A**sc ]Ɋ& 5!Xsc F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4ea29db8-0535-48f9-970b-985b0bf63133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**sc ]Ɋ& 5!Xsc F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4ea29db8-0535-48f9-970b-985b0bf63133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**sc ]Ɋ& 7!Xsc F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4ea29db8-0535-48f9-970b-985b0bf63133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q**0sc ]Ɋ& !sc F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4ea29db8-0535-48f9-970b-985b0bf63133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5df37948-3266-4f74-bd78-b5d3d6cf52f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@c ]Ɋ& !c F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4ea29db8-0535-48f9-970b-985b0bf63133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5df37948-3266-4f74-bd78-b5d3d6cf52f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X c ]Ɋ& !X c F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee749d80-a07a-4856-877d-7bb2a31b2284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p c ]Ɋ& !X c F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee749d80-a07a-4856-877d-7bb2a31b2284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h c ]Ɋ& !X c F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee749d80-a07a-4856-877d-7bb2a31b2284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` c ]Ɋ& !X c F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee749d80-a07a-4856-877d-7bb2a31b2284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**` c ]Ɋ& !X c F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee749d80-a07a-4856-877d-7bb2a31b2284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h c ]Ɋ& !X c F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee749d80-a07a-4856-877d-7bb2a31b2284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh** c ]Ɋ&  ! c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee749d80-a07a-4856-877d-7bb2a31b2284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=377b3a5f-4bb5-467b-9839-d0b2670b09c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Non**dc ]Ɋ& !dc F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee749d80-a07a-4856-877d-7bb2a31b2284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=377b3a5f-4bb5-467b-9839-d0b2670b09c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8dc ]Ɋ& !Xdc F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e0d139a3-6aa9-4a87-bc9a-933bc45fe813 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s 8**Pdc ]Ɋ& !Xdc F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e0d139a3-6aa9-4a87-bc9a-933bc45fe813 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNP**Pdc ]Ɋ& !Xdc F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e0d139a3-6aa9-4a87-bc9a-933bc45fe813 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StaP**Hdc ]Ɋ& !Xdc F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e0d139a3-6aa9-4a87-bc9a-933bc45fe813 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hdc ]Ɋ& !Xdc F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e0d139a3-6aa9-4a87-bc9a-933bc45fe813 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hdc ]Ɋ& !Xdc F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e0d139a3-6aa9-4a87-bc9a-933bc45fe813 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7H**dc ]Ɋ& !dc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e0d139a3-6aa9-4a87-bc9a-933bc45fe813 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=917b2eb5-3aa1-4fe0-949f-78041aefc52d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**>c ]Ɋ& !>c F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e0d139a3-6aa9-4a87-bc9a-933bc45fe813 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=917b2eb5-3aa1-4fe0-949f-78041aefc52d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xc ]Ɋ& !Xc F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d6a0e385-427b-45d4-8995-e76469d7dd03 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pc ]Ɋ& !Xc F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d6a0e385-427b-45d4-8995-e76469d7dd03 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndTyp= ScriptNa ]Ɋ& = Xc F&  Xd0an F&  μ8I_< F&oS-[UElfChnk(xEܧ?MMu=VysMc&&**pc ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!Xc F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d6a0e385-427b-45d4-8995-e76469d7dd03 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**`c ]Ɋ& !Xc F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d6a0e385-427b-45d4-8995-e76469d7dd03 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io`**`c ]Ɋ& !Xc F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d6a0e385-427b-45d4-8995-e76469d7dd03 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le`**`c ]Ɋ& !Xc F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d6a0e385-427b-45d4-8995-e76469d7dd03 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**Tc ]Ɋ& !Tc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d6a0e385-427b-45d4-8995-e76469d7dd03 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4aa39b69-4220-40c1-9cf4-b78faa73ef5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**Tc ]Ɋ& !Tc F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d6a0e385-427b-45d4-8995-e76469d7dd03 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4aa39b69-4220-40c1-9cf4-b78faa73ef5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**(Tc ]Ɋ& !XTc F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ecd9e66c-56a3-460d-939b-3a40cfc4eedb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@Tc ]Ɋ& !XTc F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ecd9e66c-56a3-460d-939b-3a40cfc4eedb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2@**@Tc ]Ɋ& !XTc F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ecd9e66c-56a3-460d-939b-3a40cfc4eedb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 6@**8Tc ]Ɋ& !XTc F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ecd9e66c-56a3-460d-939b-3a40cfc4eedb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eTi8**8Tc ]Ɋ& !XTc F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ecd9e66c-56a3-460d-939b-3a40cfc4eedb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nst8**8Tc ]Ɋ& !XTc F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ecd9e66c-56a3-460d-939b-3a40cfc4eedb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.08**9c ]Ɋ& !9c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ecd9e66c-56a3-460d-939b-3a40cfc4eedb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5729427f-8244-4e91-a44c-ab88ed8a4faa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **c ]Ɋ& !c F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ecd9e66c-56a3-460d-939b-3a40cfc4eedb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5729427f-8244-4e91-a44c-ab88ed8a4faa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='2**X5c ]Ɋ& !X5c F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=84b65741-15e9-4979-b334-43cd2196d68a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p5c ]Ɋ& !X5c F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=84b65741-15e9-4979-b334-43cd2196d68a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**p5c ]Ɋ& !X5c F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=84b65741-15e9-4979-b334-43cd2196d68a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**h5c ]Ɋ& !X5c F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=84b65741-15e9-4979-b334-43cd2196d68a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ih**h5c ]Ɋ& !X5c F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=84b65741-15e9-4979-b334-43cd2196d68a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**h5c ]Ɋ& !X5c F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=84b65741-15e9-4979-b334-43cd2196d68a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**5c ]Ɋ&  !5c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=84b65741-15e9-4979-b334-43cd2196d68a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f5faa03d-4d49-4e32-a527-77b83858daeb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**/c ]Ɋ& !/c F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=84b65741-15e9-4979-b334-43cd2196d68a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f5faa03d-4d49-4e32-a527-77b83858daeb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= . |**bc ]Ɋ& '!Xbc F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=93407cf6-dcff-4dc0-9ffb-3a2f1f86d72c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**bc ]Ɋ& ?!Xbc F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=93407cf6-dcff-4dc0-9ffb-3a2f1f86d72c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**bc ]Ɋ& ;!Xbc F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=93407cf6-dcff-4dc0-9ffb-3a2f1f86d72c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bf6**bc ]Ɋ& 3!Xbc F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=93407cf6-dcff-4dc0-9ffb-3a2f1f86d72c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**bc ]Ɋ& 3!Xbc F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=93407cf6-dcff-4dc0-9ffb-3a2f1f86d72c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=631**bc ]Ɋ& 5!Xbc F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=93407cf6-dcff-4dc0-9ffb-3a2f1f86d72c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0bc ]Ɋ& !bc F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=93407cf6-dcff-4dc0-9ffb-3a2f1f86d72c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3e81c8a8-40f9-4ce2-8fc3-32df68681a32 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@`c ]Ɋ& !`c F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=93407cf6-dcff-4dc0-9ffb-3a2f1f86d72c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3e81c8a8-40f9-4ce2-8fc3-32df68681a32 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**n[f ]Ɋ& )!Xn[f F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a02c6398-13c6-4a5d-8b67-5d43dd450036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com**n[f ]Ɋ& A!Xn[f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a02c6398-13c6-4a5d-8b67-5d43dd450036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= **n[f ]Ɋ& =!Xn[f F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a02c6398-13c6-4a5d-8b67-5d43dd450036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut**n[f ]Ɋ& 5!Xn[f F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a02c6398-13c6-4a5d-8b67-5d43dd450036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 **n[f ]Ɋ& 5!Xn[f F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a02c6398-13c6-4a5d-8b67-5d43dd450036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**n[f ]Ɋ& 7!Xn[f F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a02c6398-13c6-4a5d-8b67-5d43dd450036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0n[f ]Ɋ& !n[f F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a02c6398-13c6-4a5d-8b67-5d43dd450036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=55aaae59-fe35-4833-b93a-1317d52b8858 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t0**@[f ]Ɋ& ![f F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a02c6398-13c6-4a5d-8b67-5d43dd450036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=55aaae59-fe35-4833-b93a-1317d52b8858 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=top@**X1V[f ]Ɋ& !X1V[f F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8a9ee01c-6874-40a6-a555-c128ef415f3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p1V[f ]Ɋ& !X1V[f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8a9ee01c-6874-40a6-a555-c128ef415f3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stp**h1V[f ]Ɋ& !X1V[f F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8a9ee01c-6874-40a6-a555-c128ef415f3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`1V[f ]Ɋ& !X1V[f F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8a9ee01c-6874-40a6-a555-c128ef415f3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n`**`1V[f ]Ɋ& !X1V[f F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8a9ee01c-6874-40a6-a555-c128ef415f3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**h1V[f ]Ɋ& !X1V[f F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8a9ee01c-6874-40a6-a555-c128ef415f3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Stah**1V[f ]Ɋ&  !1V[f F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8a9ee01c-6874-40a6-a555-c128ef415f3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5da8a288-319d-4af3-af2d-52b9773f0a86 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**1V[f ]Ɋ& !1V[f F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8a9ee01c-6874-40a6-a555-c128ef415f3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5da8a288-319d-4af3-af2d-52b9773f0a86 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**8[f ]Ɋ& !X[f F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=387858c2-4a6d-4a03-a356-adc143ca5aa4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**P[f ]Ɋ& !X[f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=387858c2-4a6d-4a03-a356-adc143ca5aa4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ueP**P[f ]Ɋ& !X[f F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=387858c2-4a6d-4a03-a356-adc143ca5aa4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P  ]Ɋ& F&oSXElfChnk0$P^fMu=VysMc&&**H[f ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!X[f F&F%g>9{p(xlMD EventDatauoData !BinaryvFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=387858c2-4a6d-4a03-a356-adc143ca5aa4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H[f ]Ɋ& !X[f F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=387858c2-4a6d-4a03-a356-adc143ca5aa4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H[f ]Ɋ& !X[f F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=387858c2-4a6d-4a03-a356-adc143ca5aa4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ScrH**[f ]Ɋ& ![f F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=387858c2-4a6d-4a03-a356-adc143ca5aa4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=44127589-a774-4dd0-9851-da1565160596 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**"Q[f ]Ɋ& !"Q[f F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=387858c2-4a6d-4a03-a356-adc143ca5aa4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=44127589-a774-4dd0-9851-da1565160596 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**X"Q[f ]Ɋ& !X"Q[f F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1f66e41d-bb97-4d47-a294-7b69bf38dfb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoX**p"Q[f ]Ɋ& !X"Q[f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1f66e41d-bb97-4d47-a294-7b69bf38dfb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortp**h"Q[f ]Ɋ& !X"Q[f F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1f66e41d-bb97-4d47-a294-7b69bf38dfb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bah**`"Q[f ]Ɋ& !X"Q[f F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1f66e41d-bb97-4d47-a294-7b69bf38dfb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`"Q[f ]Ɋ& !X"Q[f F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1f66e41d-bb97-4d47-a294-7b69bf38dfb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq`**`"Q[f ]Ɋ& !X"Q[f F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1f66e41d-bb97-4d47-a294-7b69bf38dfb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**"Q[f ]Ɋ& !"Q[f F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1f66e41d-bb97-4d47-a294-7b69bf38dfb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3289ca88-5c6b-4948-81af-5b9573cb88f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**[f ]Ɋ& ![f F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1f66e41d-bb97-4d47-a294-7b69bf38dfb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3289ca88-5c6b-4948-81af-5b9573cb88f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **(|[f ]Ɋ& !X|[f F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3509d560-c606-4fe3-b275-23baee2bf9d2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1(**@|[f ]Ɋ& !X|[f F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3509d560-c606-4fe3-b275-23baee2bf9d2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=V@**@|[f ]Ɋ& !X|[f F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3509d560-c606-4fe3-b275-23baee2bf9d2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te'@**8|[f ]Ɋ& !X|[f F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3509d560-c606-4fe3-b275-23baee2bf9d2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent8**8|[f ]Ɋ& !X|[f F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3509d560-c606-4fe3-b275-23baee2bf9d2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t 8**8|[f ]Ɋ& !X|[f F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3509d560-c606-4fe3-b275-23baee2bf9d2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**|[f ]Ɋ& !|[f F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3509d560-c606-4fe3-b275-23baee2bf9d2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=50bbd76c-9efe-43e3-92a4-d2f7bd99292a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**[f ]Ɋ& ![f F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3509d560-c606-4fe3-b275-23baee2bf9d2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=50bbd76c-9efe-43e3-92a4-d2f7bd99292a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ated**X[f ]Ɋ& !X[f F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b3c4d74b-9c67-4496-8df2-959140e6f174 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p[f ]Ɋ& !X[f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b3c4d74b-9c67-4496-8df2-959140e6f174 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p[f ]Ɋ& !X[f F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b3c4d74b-9c67-4496-8df2-959140e6f174 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ultp**h[f ]Ɋ& !X[f F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b3c4d74b-9c67-4496-8df2-959140e6f174 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthh**h[f ]Ɋ& !X[f F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b3c4d74b-9c67-4496-8df2-959140e6f174 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h[f ]Ɋ& !X[f F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b3c4d74b-9c67-4496-8df2-959140e6f174 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nah**[f ]Ɋ&  ![f F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b3c4d74b-9c67-4496-8df2-959140e6f174 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c395da95-2005-4d6b-aec9-6d2bdbcec407 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**[f ]Ɋ& ![f F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b3c4d74b-9c67-4496-8df2-959140e6f174 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c395da95-2005-4d6b-aec9-6d2bdbcec407 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber=**[f ]Ɋ& '!X[f F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5ac078fa-4882-40ab-95b3-4ae76c18d4ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**[f ]Ɋ& ?!X[f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5ac078fa-4882-40ab-95b3-4ae76c18d4ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **[f ]Ɋ& ;!X[f F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5ac078fa-4882-40ab-95b3-4ae76c18d4ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**[f ]Ɋ& 3!X[f F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5ac078fa-4882-40ab-95b3-4ae76c18d4ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ou**[f ]Ɋ& 3!X[f F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5ac078fa-4882-40ab-95b3-4ae76c18d4ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cti**[f ]Ɋ& 5!X[f F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5ac078fa-4882-40ab-95b3-4ae76c18d4ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= -**0-[f ]Ɋ& !-[f F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5ac078fa-4882-40ab-95b3-4ae76c18d4ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f263916c-be5c-4c77-b530-bbb4d2d0d202 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te0**@L[f ]Ɋ& !L[f F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5ac078fa-4882-40ab-95b3-4ae76c18d4ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f263916c-be5c-4c77-b530-bbb4d2d0d202 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9-fe@**sh ]Ɋ& )!Xsh F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3ceb7a90-1adb-4387-b094-501d5b1eb1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**sh ]Ɋ& A!Xsh F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3ceb7a90-1adb-4387-b094-501d5b1eb1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mIns**sh ]Ɋ& =!Xsh F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3ceb7a90-1adb-4387-b094-501d5b1eb1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-6**sh ]Ɋ& 5!Xsh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3ceb7a90-1adb-4387-b094-501d5b1eb1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**sh ]Ɋ& 5!Xsh F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3ceb7a90-1adb-4387-b094-501d5b1eb1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**sh ]Ɋ& 7!Xsh F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3ceb7a90-1adb-4387-b094-501d5b1eb1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0sh ]Ɋ& !sh F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3ceb7a90-1adb-4387-b094-501d5b1eb1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0f058360-3841-41c7-9764-7c430a532770 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@ݖh ]Ɋ& !ݖh F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3ceb7a90-1adb-4387-b094-501d5b1eb1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0f058360-3841-41c7-9764-7c430a532770 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com@**Xh ]Ɋ& !Xh F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ea5fdc77-4453-492c-b026-429da3dc8db8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linX**ph ]Ɋ& !Xh F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ea5fdc77-4453-492c-b026-429da3dc8db8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manp**hh ]Ɋ& !Xh F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ea5fdc77-4453-492c-b026-429da3dc8db8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`h ]Ɋ& !Xh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ea5fdc77-4453-492c-b026-429da3dc8db8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xh F&XElfChnk00܌q7Mu=VysMc&&**hh ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!Xh F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ea5fdc77-4453-492c-b026-429da3dc8db8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hh ]Ɋ& !Xh F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ea5fdc77-4453-492c-b026-429da3dc8db8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h ]Ɋ&  !h F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ea5fdc77-4453-492c-b026-429da3dc8db8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3f719733-a3d7-4636-a251-292538237f31 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FӸ**h ]Ɋ& !h F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ea5fdc77-4453-492c-b026-429da3dc8db8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3f719733-a3d7-4636-a251-292538237f31 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**8ch ]Ɋ& !Xch F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=55495723-f387-4c7c-a876-027d4524efdf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pch ]Ɋ& !Xch F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=55495723-f387-4c7c-a876-027d4524efdf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Pch ]Ɋ& !Xch F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=55495723-f387-4c7c-a876-027d4524efdf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hch ]Ɋ& !Xch F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=55495723-f387-4c7c-a876-027d4524efdf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**H ch ]Ɋ& !Xch  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=55495723-f387-4c7c-a876-027d4524efdf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H ch ]Ɋ& !Xch  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=55495723-f387-4c7c-a876-027d4524efdf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==H** ch ]Ɋ& !ch  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=55495723-f387-4c7c-a876-027d4524efdf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d9c73bfd-ea9d-46db-bd90-0cb280d6084f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ?h ]Ɋ& !?h  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=55495723-f387-4c7c-a876-027d4524efdf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d9c73bfd-ea9d-46db-bd90-0cb280d6084f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X h ]Ɋ& !X h  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=56fdde2d-1e99-46e3-94e9-74e86ea8883a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= X**p h ]Ɋ& !X h F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=56fdde2d-1e99-46e3-94e9-74e86ea8883a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-lasp**h h ]Ɋ& !X h F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=56fdde2d-1e99-46e3-94e9-74e86ea8883a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Sh**` h ]Ɋ& !X h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=56fdde2d-1e99-46e3-94e9-74e86ea8883a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**` h ]Ɋ& !X h F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=56fdde2d-1e99-46e3-94e9-74e86ea8883a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**` h ]Ɋ& !X h F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=56fdde2d-1e99-46e3-94e9-74e86ea8883a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`** h ]Ɋ& ! h F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=56fdde2d-1e99-46e3-94e9-74e86ea8883a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aab36efe-93dd-4d78-88d1-c01e696dca94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** h ]Ɋ& ! h F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=56fdde2d-1e99-46e3-94e9-74e86ea8883a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aab36efe-93dd-4d78-88d1-c01e696dca94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPa**(Th ]Ɋ& !XTh F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b315197e-ff91-402d-987d-857613e5a42d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@Th ]Ɋ& !XTh F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b315197e-ff91-402d-987d-857613e5a42d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3@**@Th ]Ɋ& !XTh F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b315197e-ff91-402d-987d-857613e5a42d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ert@**8Th ]Ɋ& !XTh F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b315197e-ff91-402d-987d-857613e5a42d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wow8**8Th ]Ɋ& !XTh F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b315197e-ff91-402d-987d-857613e5a42d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=67-8**8Th ]Ɋ& !XTh F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b315197e-ff91-402d-987d-857613e5a42d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fu8**Th ]Ɋ& !Th F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b315197e-ff91-402d-987d-857613e5a42d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=96a64a1b-ca4e-40b2-8620-4e93c1b05cb2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd**:h ]Ɋ& !:h F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b315197e-ff91-402d-987d-857613e5a42d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=96a64a1b-ca4e-40b2-8620-4e93c1b05cb2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineV**Xh ]Ɋ& !Xh F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=287ab9a0-e5a9-45cb-a7cc-d82675762231 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**ph ]Ɋ& !Xh F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=287ab9a0-e5a9-45cb-a7cc-d82675762231 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ep**ph ]Ɋ& !Xh F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=287ab9a0-e5a9-45cb-a7cc-d82675762231 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=, Ep**h h ]Ɋ& !Xh  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=287ab9a0-e5a9-45cb-a7cc-d82675762231 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cenh**h!h ]Ɋ& !Xh! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=287ab9a0-e5a9-45cb-a7cc-d82675762231 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=h**h"h ]Ɋ& !Xh" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=287ab9a0-e5a9-45cb-a7cc-d82675762231 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**#h ]Ɋ&  !h# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=287ab9a0-e5a9-45cb-a7cc-d82675762231 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f0aa8165-7039-4d59-bbb6-f0ecd2ef98b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**$&h ]Ɋ& !&h$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=287ab9a0-e5a9-45cb-a7cc-d82675762231 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f0aa8165-7039-4d59-bbb6-f0ecd2ef98b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsio**%!h ]Ɋ& '!X!h% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d7593fef-2152-4a9b-ad3e-a0d49a1c2649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**&!h ]Ɋ& ?!X!h& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d7593fef-2152-4a9b-ad3e-a0d49a1c2649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**'!h ]Ɋ& ;!X!h' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d7593fef-2152-4a9b-ad3e-a0d49a1c2649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ne**(!h ]Ɋ& 3!X!h( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d7593fef-2152-4a9b-ad3e-a0d49a1c2649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **)!h ]Ɋ& 3!X!h) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d7593fef-2152-4a9b-ad3e-a0d49a1c2649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ewP***!h ]Ɋ& 5!X!h* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d7593fef-2152-4a9b-ad3e-a0d49a1c2649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eI**0+!h ]Ɋ& !!h+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d7593fef-2152-4a9b-ad3e-a0d49a1c2649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=745c9541-0395-4362-9b81-cf9969cdd3db PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me0**@,3h ]Ɋ& !3h, F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d7593fef-2152-4a9b-ad3e-a0d49a1c2649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=745c9541-0395-4362-9b81-cf9969cdd3db PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= @**-R k ]Ɋ& )!XR k- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=92638e09-5432-4030-8e8d-3cfbaeb578a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut-S**.R k ]Ɋ& A!XR k. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=92638e09-5432-4030-8e8d-3cfbaeb578a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 -C**/R k ]Ɋ& =!XR k/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=92638e09-5432-4030-8e8d-3cfbaeb578a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**0R k ]Ɋ& 5!XR k0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=92638e09-5432-4030-8e8d-3cfbaeb578a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on.0 HostId= ]Ɋ& icXR k1 F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xh F&XElfChnk1a1apPqMu=VysMc&&**1R k ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XR k1 F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=92638e09-5432-4030-8e8d-3cfbaeb578a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **2R k ]Ɋ& 7!XR k2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=92638e09-5432-4030-8e8d-3cfbaeb578a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **03R k ]Ɋ& !R k3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=92638e09-5432-4030-8e8d-3cfbaeb578a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cabbdb44-3e84-4b0c-9cd1-067f2b3edf74 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@4ă k ]Ɋ& !ă k4 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=92638e09-5432-4030-8e8d-3cfbaeb578a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cabbdb44-3e84-4b0c-9cd1-067f2b3edf74 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**X5Z k ]Ɋ& !XZ k5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7c4db51c-4394-49bf-80bd-8444a7edcf67 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**p6Z k ]Ɋ& !XZ k6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7c4db51c-4394-49bf-80bd-8444a7edcf67 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**h7Z k ]Ɋ& !XZ k7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7c4db51c-4394-49bf-80bd-8444a7edcf67 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`8Z k ]Ɋ& !XZ k8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7c4db51c-4394-49bf-80bd-8444a7edcf67 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`9Z k ]Ɋ& !XZ k9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7c4db51c-4394-49bf-80bd-8444a7edcf67 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h:Z k ]Ɋ& !XZ k: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7c4db51c-4394-49bf-80bd-8444a7edcf67 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**;Z k ]Ɋ&  !Z k; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7c4db51c-4394-49bf-80bd-8444a7edcf67 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2079a928-ed11-4514-b7a4-8763a09e2cf8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **<Z k ]Ɋ& !Z k< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7c4db51c-4394-49bf-80bd-8444a7edcf67 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2079a928-ed11-4514-b7a4-8763a09e2cf8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8=Z k ]Ɋ& !XZ k= F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4a3035db-bd19-46d5-a94d-d55bb624bab6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**P>Z k ]Ɋ& !XZ k> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4a3035db-bd19-46d5-a94d-d55bb624bab6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**P?Z k ]Ɋ& !XZ k? F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4a3035db-bd19-46d5-a94d-d55bb624bab6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**H@Z k ]Ɋ& !XZ k@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4a3035db-bd19-46d5-a94d-d55bb624bab6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**HAZ k ]Ɋ& !XZ kA F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4a3035db-bd19-46d5-a94d-d55bb624bab6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**HBZ k ]Ɋ& !XZ kB F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4a3035db-bd19-46d5-a94d-d55bb624bab6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**CZ k ]Ɋ& !Z kC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4a3035db-bd19-46d5-a94d-d55bb624bab6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e2a7019c-e645-4881-ae02-c44571d93f63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**DZ k ]Ɋ& !Z kD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4a3035db-bd19-46d5-a94d-d55bb624bab6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e2a7019c-e645-4881-ae02-c44571d93f63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**XE k ]Ɋ& !X kE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=46eb0d96-9edf-4f12-8f14-655d93987004 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**pF k ]Ɋ& !X kF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=46eb0d96-9edf-4f12-8f14-655d93987004 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**hG k ]Ɋ& !X kG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=46eb0d96-9edf-4f12-8f14-655d93987004 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`H k ]Ɋ& !X kH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=46eb0d96-9edf-4f12-8f14-655d93987004 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`I k ]Ɋ& !X kI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=46eb0d96-9edf-4f12-8f14-655d93987004 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`J k ]Ɋ& !X kJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=46eb0d96-9edf-4f12-8f14-655d93987004 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**K k ]Ɋ& ! kK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=46eb0d96-9edf-4f12-8f14-655d93987004 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=850d37be-d05c-457f-93d8-b2f61322b4fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**L k ]Ɋ& ! kL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=46eb0d96-9edf-4f12-8f14-655d93987004 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=850d37be-d05c-457f-93d8-b2f61322b4fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(MM k ]Ɋ& !XM kM F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0a97bc5d-78f7-4852-8edf-4429ded99d5c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d(**@NM k ]Ɋ& !XM kN F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0a97bc5d-78f7-4852-8edf-4429ded99d5c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@OM k ]Ɋ& !XM kO F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0a97bc5d-78f7-4852-8edf-4429ded99d5c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8PM k ]Ɋ& !XM kP F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0a97bc5d-78f7-4852-8edf-4429ded99d5c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8QM k ]Ɋ& !XM kQ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0a97bc5d-78f7-4852-8edf-4429ded99d5c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8RM k ]Ɋ& !XM kR F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0a97bc5d-78f7-4852-8edf-4429ded99d5c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**SM k ]Ɋ& !M kS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0a97bc5d-78f7-4852-8edf-4429ded99d5c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=632b43cc-e9ee-4502-b7da-1c38ff364910 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**T k ]Ɋ& ! kT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0a97bc5d-78f7-4852-8edf-4429ded99d5c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=632b43cc-e9ee-4502-b7da-1c38ff364910 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**XUK k ]Ɋ& !XK kU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=91b37b57-bcb2-44c6-b8ee-ec18a21848e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pVK k ]Ɋ& !XK kV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=91b37b57-bcb2-44c6-b8ee-ec18a21848e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pWK k ]Ɋ& !XK kW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=91b37b57-bcb2-44c6-b8ee-ec18a21848e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**hXK k ]Ɋ& !XK kX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=91b37b57-bcb2-44c6-b8ee-ec18a21848e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**hYK k ]Ɋ& !XK kY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=91b37b57-bcb2-44c6-b8ee-ec18a21848e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=49ah**hZK k ]Ɋ& !XK kZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=91b37b57-bcb2-44c6-b8ee-ec18a21848e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**[K k ]Ɋ&  !K k[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=91b37b57-bcb2-44c6-b8ee-ec18a21848e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48948315-1830-4404-90b5-64b2e009342f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**\ᯌ k ]Ɋ& !ᯌ k\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=91b37b57-bcb2-44c6-b8ee-ec18a21848e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48948315-1830-4404-90b5-64b2e009342f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**]ᯌ k ]Ɋ& '!Xᯌ k] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=30d87f68-0298-4743-8b89-c2866de6d379 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**^ᯌ k ]Ɋ& ?!Xᯌ k^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=30d87f68-0298-4743-8b89-c2866de6d379 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=G**_ᯌ k ]Ɋ& ;!Xᯌ k_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=30d87f68-0298-4743-8b89-c2866de6d379 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **`ᯌ k ]Ɋ& 3!Xᯌ k` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=30d87f68-0298-4743-8b89-c2866de6d379 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**aᯌ k ]Ɋ& 3!Xᯌ ka F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=30d87f68-0298-4743-8b89-c2866de6d379 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& Xᯌ kb F&1 F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xh F&XElfChnkbbp(g&ojz Mu=VysMc&&** bᯌ k ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xᯌ kb F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=30d87f68-0298-4743-8b89-c2866de6d379 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=403 **0cᯌ k ]Ɋ& !ᯌ kc F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=30d87f68-0298-4743-8b89-c2866de6d379 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=01b48e67-4944-40d0-b89e-894db19d33ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@dxH k ]Ɋ& !xH kd F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=30d87f68-0298-4743-8b89-c2866de6d379 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=01b48e67-4944-40d0-b89e-894db19d33ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**e{#nm ]Ɋ& )!X{#nme F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b1a729e0-4a72-43b1-8fa5-ae9ea00ab7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**f{#nm ]Ɋ& A!X{#nmf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b1a729e0-4a72-43b1-8fa5-ae9ea00ab7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **g{#nm ]Ɋ& =!X{#nmg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b1a729e0-4a72-43b1-8fa5-ae9ea00ab7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**h{#nm ]Ɋ& 5!X{#nmh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b1a729e0-4a72-43b1-8fa5-ae9ea00ab7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**i{#nm ]Ɋ& 5!X{#nmi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b1a729e0-4a72-43b1-8fa5-ae9ea00ab7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **j{#nm ]Ɋ& 7!X{#nmj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b1a729e0-4a72-43b1-8fa5-ae9ea00ab7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0k{#nm ]Ɋ& !{#nmk F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b1a729e0-4a72-43b1-8fa5-ae9ea00ab7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aee87534-ed11-481e-801b-3d99d56bec70 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@l$nm ]Ɋ& !$nml F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b1a729e0-4a72-43b1-8fa5-ae9ea00ab7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aee87534-ed11-481e-801b-3d99d56bec70 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**XmE%nm ]Ɋ& !XE%nmm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8fa22e9b-7d3f-4e05-bb9f-e428f794b324 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**pnE%nm ]Ɋ& !XE%nmn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8fa22e9b-7d3f-4e05-bb9f-e428f794b324 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**hoE%nm ]Ɋ& !XE%nmo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8fa22e9b-7d3f-4e05-bb9f-e428f794b324 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`pE%nm ]Ɋ& !XE%nmp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8fa22e9b-7d3f-4e05-bb9f-e428f794b324 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`qE%nm ]Ɋ& !XE%nmq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8fa22e9b-7d3f-4e05-bb9f-e428f794b324 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hrE%nm ]Ɋ& !XE%nmr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8fa22e9b-7d3f-4e05-bb9f-e428f794b324 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**sE%nm ]Ɋ&  !E%nms F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8fa22e9b-7d3f-4e05-bb9f-e428f794b324 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3ac1976d-0f0b-48d8-9187-1a0104b52da2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**tE%nm ]Ɋ& !E%nmt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8fa22e9b-7d3f-4e05-bb9f-e428f794b324 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3ac1976d-0f0b-48d8-9187-1a0104b52da2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8uE%nm ]Ɋ& !XE%nmu F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=90f58836-657c-4bec-9cb2-6d4d803113b5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**PvE%nm ]Ɋ& !XE%nmv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=90f58836-657c-4bec-9cb2-6d4d803113b5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**PwE%nm ]Ɋ& !XE%nmw F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=90f58836-657c-4bec-9cb2-6d4d803113b5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**HxE%nm ]Ɋ& !XE%nmx F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=90f58836-657c-4bec-9cb2-6d4d803113b5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**HyE%nm ]Ɋ& !XE%nmy F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=90f58836-657c-4bec-9cb2-6d4d803113b5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ftVoH**HzE%nm ]Ɋ& !XE%nmz F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=90f58836-657c-4bec-9cb2-6d4d803113b5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ritH**{E%nm ]Ɋ& !E%nm{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=90f58836-657c-4bec-9cb2-6d4d803113b5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=56d61d2c-68ef-4147-8997-8627a0962587 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**|2%nm ]Ɋ& !2%nm| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=90f58836-657c-4bec-9cb2-6d4d803113b5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=56d61d2c-68ef-4147-8997-8627a0962587 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**X}2%nm ]Ɋ& !X2%nm} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9d5133b6-cdf2-4a42-8125-79dae35d8488 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US;X**p~2%nm ]Ɋ& !X2%nm~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9d5133b6-cdf2-4a42-8125-79dae35d8488 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ostVp**h2%nm ]Ɋ& !X2%nm F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9d5133b6-cdf2-4a42-8125-79dae35d8488 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`2%nm ]Ɋ& !X2%nm F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9d5133b6-cdf2-4a42-8125-79dae35d8488 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=*`**`2%nm ]Ɋ& !X2%nm F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9d5133b6-cdf2-4a42-8125-79dae35d8488 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru`**`2%nm ]Ɋ& !X2%nm F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9d5133b6-cdf2-4a42-8125-79dae35d8488 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**2%nm ]Ɋ& !2%nm F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9d5133b6-cdf2-4a42-8125-79dae35d8488 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed4c29c3-ead9-4b42-815a-6320107249b7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**2%nm ]Ɋ& !2%nm F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9d5133b6-cdf2-4a42-8125-79dae35d8488 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed4c29c3-ead9-4b42-815a-6320107249b7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(2%nm ]Ɋ& !X2%nm F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f3e7b355-65ff-4076-9f65-b126528fa097 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d(**@2%nm ]Ɋ& !X2%nm F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f3e7b355-65ff-4076-9f65-b126528fa097 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3@**@2%nm ]Ɋ& !X2%nm F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f3e7b355-65ff-4076-9f65-b126528fa097 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**82%nm ]Ɋ& !X2%nm F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f3e7b355-65ff-4076-9f65-b126528fa097 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**82%nm ]Ɋ& !X2%nm F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f3e7b355-65ff-4076-9f65-b126528fa097 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**82%nm ]Ɋ& !X2%nm F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f3e7b355-65ff-4076-9f65-b126528fa097 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**2%nm ]Ɋ& !2%nm F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f3e7b355-65ff-4076-9f65-b126528fa097 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5f79a7b3-8b27-4cfd-bc96-381e18fe5dd8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**_'nm ]Ɋ& !_'nm F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f3e7b355-65ff-4076-9f65-b126528fa097 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5f79a7b3-8b27-4cfd-bc96-381e18fe5dd8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**X'nm ]Ɋ& !X'nm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=29884458-3581-4ff8-9f47-3827249dfbd2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**p'nm ]Ɋ& !X'nm F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=29884458-3581-4ff8-9f47-3827249dfbd2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**p'nm ]Ɋ& !X'nm F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=29884458-3581-4ff8-9f47-3827249dfbd2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**h'nm ]Ɋ& !X'nm F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=29884458-3581-4ff8-9f47-3827249dfbd2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**h'nm ]Ɋ& !X'nm F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=29884458-3581-4ff8-9f47-3827249dfbd2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**h'nm ]Ɋ& !X'nm F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=29884458-3581-4ff8-9f47-3827249dfbd2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**'nm ]Ɋ&  !'nm F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=29884458-3581-4ff8-9f47-3827249dfbd2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=73ea172e-c34d-4390-b6f8-ca205caf7649 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sbe.properties ]Ɋ& Cu#(nm F&n-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& Xᯌ kb F&1 F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xh F&XElfChnkxMu=VysMc&&** #(nm ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !#(nm F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=29884458-3581-4ff8-9f47-3827249dfbd2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=73ea172e-c34d-4390-b6f8-ca205caf7649 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **#(nm ]Ɋ& '!X#(nm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fddf1c1d-15a6-49ae-a51b-efd0004edc3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**#(nm ]Ɋ& ?!X#(nm F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fddf1c1d-15a6-49ae-a51b-efd0004edc3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**#(nm ]Ɋ& ;!X#(nm F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fddf1c1d-15a6-49ae-a51b-efd0004edc3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**#(nm ]Ɋ& 3!X#(nm F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fddf1c1d-15a6-49ae-a51b-efd0004edc3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**#(nm ]Ɋ& 3!X#(nm F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fddf1c1d-15a6-49ae-a51b-efd0004edc3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ica**#(nm ]Ɋ& 5!X#(nm F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fddf1c1d-15a6-49ae-a51b-efd0004edc3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0#(nm ]Ɋ& !#(nm F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fddf1c1d-15a6-49ae-a51b-efd0004edc3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fe0c8f82-6946-48fc-9708-7eaf1e402956 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow0**@q)nm ]Ɋ& !q)nm F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fddf1c1d-15a6-49ae-a51b-efd0004edc3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fe0c8f82-6946-48fc-9708-7eaf1e402956 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**=o ]Ɋ& )!X=o F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b75ea67a-e826-431c-b0e9-319583cf5e6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**=o ]Ɋ& A!X=o F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b75ea67a-e826-431c-b0e9-319583cf5e6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-wid**=o ]Ɋ& =!X=o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b75ea67a-e826-431c-b0e9-319583cf5e6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**=o ]Ɋ& 5!X=o F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b75ea67a-e826-431c-b0e9-319583cf5e6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **=o ]Ɋ& 5!X=o F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b75ea67a-e826-431c-b0e9-319583cf5e6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==8**=o ]Ɋ& 7!X=o F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b75ea67a-e826-431c-b0e9-319583cf5e6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0=o ]Ɋ& !=o F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b75ea67a-e826-431c-b0e9-319583cf5e6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fe6c2bc-7ca9-45aa-bd29-764eb7a811f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@>o ]Ɋ& !>o F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b75ea67a-e826-431c-b0e9-319583cf5e6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fe6c2bc-7ca9-45aa-bd29-764eb7a811f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X?o ]Ɋ& !X?o F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0dffdf3c-fd5d-41b9-8716-27431c48d87e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p?o ]Ɋ& !X?o F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0dffdf3c-fd5d-41b9-8716-27431c48d87e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h?o ]Ɋ& !X?o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0dffdf3c-fd5d-41b9-8716-27431c48d87e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`?o ]Ɋ& !X?o F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0dffdf3c-fd5d-41b9-8716-27431c48d87e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`?o ]Ɋ& !X?o F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0dffdf3c-fd5d-41b9-8716-27431c48d87e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**h?o ]Ɋ& !X?o F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0dffdf3c-fd5d-41b9-8716-27431c48d87e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineSh**?o ]Ɋ&  !?o F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0dffdf3c-fd5d-41b9-8716-27431c48d87e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e12f8da-8aac-4392-a17a-c7de14eb4be1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ped **J@o ]Ɋ& !J@o F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0dffdf3c-fd5d-41b9-8716-27431c48d87e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e12f8da-8aac-4392-a17a-c7de14eb4be1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt**8J@o ]Ɋ& !XJ@o F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e26d5299-4bac-44c5-97e6-b50e10cf28e4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nm8**PJ@o ]Ɋ& !XJ@o F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e26d5299-4bac-44c5-97e6-b50e10cf28e4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idP**PJ@o ]Ɋ& !XJ@o F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e26d5299-4bac-44c5-97e6-b50e10cf28e4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tartP**HJ@o ]Ɋ& !XJ@o F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e26d5299-4bac-44c5-97e6-b50e10cf28e4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ReH**HJ@o ]Ɋ& !XJ@o F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e26d5299-4bac-44c5-97e6-b50e10cf28e4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**HJ@o ]Ɋ& !XJ@o F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e26d5299-4bac-44c5-97e6-b50e10cf28e4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mH**J@o ]Ɋ& !J@o F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e26d5299-4bac-44c5-97e6-b50e10cf28e4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=58add639-2411-42c7-9020-2fbd38d268d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!**@o ]Ɋ& !@o F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e26d5299-4bac-44c5-97e6-b50e10cf28e4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=58add639-2411-42c7-9020-2fbd38d268d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X@o ]Ɋ& !X@o F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a9cb3814-bc83-4642-87b1-0bf760d86392 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaX**p@o ]Ɋ& !X@o F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a9cb3814-bc83-4642-87b1-0bf760d86392 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**h@o ]Ɋ& !X@o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a9cb3814-bc83-4642-87b1-0bf760d86392 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`@o ]Ɋ& !X@o F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a9cb3814-bc83-4642-87b1-0bf760d86392 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`@o ]Ɋ& !X@o F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a9cb3814-bc83-4642-87b1-0bf760d86392 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=`**`@o ]Ɋ& !X@o F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a9cb3814-bc83-4642-87b1-0bf760d86392 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**@o ]Ɋ& !@o F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a9cb3814-bc83-4642-87b1-0bf760d86392 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c0635278-ba19-4162-8e01-b536cfceda9d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**wIAo ]Ɋ& !wIAo F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a9cb3814-bc83-4642-87b1-0bf760d86392 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c0635278-ba19-4162-8e01-b536cfceda9d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **(wIAo ]Ɋ& !XwIAo F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=803464c5-f1c3-4b2c-a9ad-7faf2b093c82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4(**@wIAo ]Ɋ& !XwIAo F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=803464c5-f1c3-4b2c-a9ad-7faf2b093c82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a@**@wIAo ]Ɋ& !XwIAo F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=803464c5-f1c3-4b2c-a9ad-7faf2b093c82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin@**8wIAo ]Ɋ& !XwIAo F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=803464c5-f1c3-4b2c-a9ad-7faf2b093c82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8wIAo ]Ɋ& !XwIAo F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=803464c5-f1c3-4b2c-a9ad-7faf2b093c82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8wIAo ]Ɋ& !XwIAo F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=803464c5-f1c3-4b2c-a9ad-7faf2b093c82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== 8**wIAo ]Ɋ& !wIAo F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=803464c5-f1c3-4b2c-a9ad-7faf2b093c82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0fb910bd-1de5-46e6-90c9-c8b8f0dcdbb8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge**zBo ]Ɋ& !zBo F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=803464c5-f1c3-4b2c-a9ad-7faf2b093c82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0fb910bd-1de5-46e6-90c9-c8b8f0dcdbb8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te';**XhDDo ]Ɋ& !XhDDo F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1526d011-1e06-4ce5-a0dd-d0abefb292a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**phDDo ]Ɋ& !XhDDo F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1526d011-1e06-4ce5-a0dd-d0abefb292a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unXhDDo F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xh F&XElfChnkA2jѨMu=VysMc&&**p hDDo ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! S!XhDDo F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1526d011-1e06-4ce5-a0dd-d0abefb292a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p **hhDDo ]Ɋ& !XhDDo F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1526d011-1e06-4ce5-a0dd-d0abefb292a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hhDDo ]Ɋ& !XhDDo F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1526d011-1e06-4ce5-a0dd-d0abefb292a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hhDDo ]Ɋ& !XhDDo F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1526d011-1e06-4ce5-a0dd-d0abefb292a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tah**Do ]Ɋ&  !Do F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1526d011-1e06-4ce5-a0dd-d0abefb292a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e731512-fb88-4174-ae54-ce3ca39e07dc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=00**uEo ]Ɋ& !uEo F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1526d011-1e06-4ce5-a0dd-d0abefb292a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e731512-fb88-4174-ae54-ce3ca39e07dc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,De**+Fo ]Ɋ& '!X+Fo F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b64647dc-8937-45b7-92c3-29b473c800bd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**+Fo ]Ɋ& ?!X+Fo F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b64647dc-8937-45b7-92c3-29b473c800bd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**+Fo ]Ɋ& ;!X+Fo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b64647dc-8937-45b7-92c3-29b473c800bd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hel**+Fo ]Ɋ& 3!X+Fo F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b64647dc-8937-45b7-92c3-29b473c800bd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**+Fo ]Ɋ& 3!X+Fo F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b64647dc-8937-45b7-92c3-29b473c800bd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll **+Fo ]Ɋ& 5!X+Fo F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b64647dc-8937-45b7-92c3-29b473c800bd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0+Fo ]Ɋ& !+Fo F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b64647dc-8937-45b7-92c3-29b473c800bd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2d8da193-b3b4-4f5b-933d-3c4231a77a2a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng0**@¦Fo ]Ɋ& !¦Fo F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b64647dc-8937-45b7-92c3-29b473c800bd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2d8da193-b3b4-4f5b-933d-3c4231a77a2a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**>:&r ]Ɋ& )!X>:&r F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5e316f56-105a-4dea-b5f9-bb543d31c720 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**>:&r ]Ɋ& A!X>:&r F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5e316f56-105a-4dea-b5f9-bb543d31c720 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **>:&r ]Ɋ& =!X>:&r F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5e316f56-105a-4dea-b5f9-bb543d31c720 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**>:&r ]Ɋ& 5!X>:&r F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5e316f56-105a-4dea-b5f9-bb543d31c720 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl**>:&r ]Ɋ& 5!X>:&r F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5e316f56-105a-4dea-b5f9-bb543d31c720 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **>:&r ]Ɋ& 7!X>:&r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5e316f56-105a-4dea-b5f9-bb543d31c720 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**0>:&r ]Ɋ& !>:&r F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5e316f56-105a-4dea-b5f9-bb543d31c720 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5336f5b2-26b6-4b16-af4e-d975b3b89806 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=40**@k;&r ]Ɋ& !k;&r F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5e316f56-105a-4dea-b5f9-bb543d31c720 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5336f5b2-26b6-4b16-af4e-d975b3b89806 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila@**Xk;&r ]Ɋ& !Xk;&r F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=77f9f0b3-2fa7-4fc1-b3fe-d493fad2f0da HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProX**pk;&r ]Ɋ& !Xk;&r F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=77f9f0b3-2fa7-4fc1-b3fe-d493fad2f0da HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt p**hk;&r ]Ɋ& !Xk;&r F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=77f9f0b3-2fa7-4fc1-b3fe-d493fad2f0da HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sh**`k;&r ]Ɋ& !Xk;&r F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=77f9f0b3-2fa7-4fc1-b3fe-d493fad2f0da HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d`**`k;&r ]Ɋ& !Xk;&r F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=77f9f0b3-2fa7-4fc1-b3fe-d493fad2f0da HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c`**hk;&r ]Ɋ& !Xk;&r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=77f9f0b3-2fa7-4fc1-b3fe-d493fad2f0da HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**k;&r ]Ɋ&  !k;&r F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=77f9f0b3-2fa7-4fc1-b3fe-d493fad2f0da HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03eb69a9-64d4-482f-bd83-9092a25e8858 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5299**k;&r ]Ɋ& !k;&r F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=77f9f0b3-2fa7-4fc1-b3fe-d493fad2f0da HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03eb69a9-64d4-482f-bd83-9092a25e8858 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7e**8}<&r ]Ɋ& !X}<&r F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1e76d16e-104a-4402-b6e1-17c7b0f62af0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si8**P}<&r ]Ɋ& !X}<&r F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1e76d16e-104a-4402-b6e1-17c7b0f62af0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leP**P}<&r ]Ɋ& !X}<&r F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1e76d16e-104a-4402-b6e1-17c7b0f62af0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HoP**H}<&r ]Ɋ& !X}<&r F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1e76d16e-104a-4402-b6e1-17c7b0f62af0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eNumH**H}<&r ]Ɋ& !X}<&r F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1e76d16e-104a-4402-b6e1-17c7b0f62af0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H}<&r ]Ɋ& !X}<&r F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1e76d16e-104a-4402-b6e1-17c7b0f62af0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ateH**}<&r ]Ɋ& !}<&r F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1e76d16e-104a-4402-b6e1-17c7b0f62af0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7402598c-ab41-484a-92e1-17f9c3a27049 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber**}<&r ]Ɋ& !}<&r F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1e76d16e-104a-4402-b6e1-17c7b0f62af0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7402598c-ab41-484a-92e1-17f9c3a27049 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X}<&r ]Ɋ& !X}<&r F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=06bfd9c2-035b-4afa-b276-7e111faf9950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNamX**p}<&r ]Ɋ& !X}<&r F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=06bfd9c2-035b-4afa-b276-7e111faf9950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h}<&r ]Ɋ& !X}<&r F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=06bfd9c2-035b-4afa-b276-7e111faf9950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**`}<&r ]Ɋ& !X}<&r F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=06bfd9c2-035b-4afa-b276-7e111faf9950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=('`**`}<&r ]Ɋ& !X}<&r F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=06bfd9c2-035b-4afa-b276-7e111faf9950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ti`**`}<&r ]Ɋ& !X}<&r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=06bfd9c2-035b-4afa-b276-7e111faf9950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f`**=&r ]Ɋ& !=&r F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=06bfd9c2-035b-4afa-b276-7e111faf9950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dbe33e54-25b9-423e-b88c-e8f4e74b0106 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**=&r ]Ɋ& !=&r F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=06bfd9c2-035b-4afa-b276-7e111faf9950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dbe33e54-25b9-423e-b88c-e8f4e74b0106 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**(=&r ]Ɋ& !X=&r F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2bac1f31-9e88-4c0d-be43-b0b09d336e4c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@=&r ]Ɋ& !X=&r F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2bac1f31-9e88-4c0d-be43-b0b09d336e4c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@=&r ]Ɋ& !X=&r F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2bac1f31-9e88-4c0d-be43-b0b09d336e4c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ace@**8=&r ]Ɋ& !X=&r F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2bac1f31-9e88-4c0d-be43-b0b09d336e4c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=es[8nstalldate'] ]Ɋ& etX=&r F&imatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unXhDDo F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xh F&XElfChnk**9{p(xlMD EventDatauoData !BinaryhRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2bac1f31-9e88-4c0d-be43-b0b09d336e4c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8=&r ]Ɋ& !X=&r F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2bac1f31-9e88-4c0d-be43-b0b09d336e4c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=In8**=&r ]Ɋ& !=&r F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2bac1f31-9e88-4c0d-be43-b0b09d336e4c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=85015037-32b6-4d60-b967-1041b8a44b29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=WA**F>&r ]Ɋ& !F>&r F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2bac1f31-9e88-4c0d-be43-b0b09d336e4c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=85015037-32b6-4d60-b967-1041b8a44b29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=po**X[>&r ]Ɋ& !X[>&r F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c8dcff0e-83f3-4892-9f76-9824815f4fff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**p[>&r ]Ɋ& !X[>&r F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c8dcff0e-83f3-4892-9f76-9824815f4fff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0p**p[>&r ]Ɋ& !X[>&r F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c8dcff0e-83f3-4892-9f76-9824815f4fff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**h[>&r ]Ɋ& !X[>&r F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c8dcff0e-83f3-4892-9f76-9824815f4fff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**h[>&r ]Ɋ& !X[>&r F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c8dcff0e-83f3-4892-9f76-9824815f4fff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNh**h[>&r ]Ɋ& !X[>&r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c8dcff0e-83f3-4892-9f76-9824815f4fff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dBh**[>&r ]Ɋ&  ![>&r F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c8dcff0e-83f3-4892-9f76-9824815f4fff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6fe98881-d22f-45c7-acd4-f700441a706d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**@&r ]Ɋ& !@&r F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c8dcff0e-83f3-4892-9f76-9824815f4fff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6fe98881-d22f-45c7-acd4-f700441a706d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gine**@&r ]Ɋ& '!X@&r F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=08f53585-dfe6-4a8d-906f-fe705fbe981d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**@&r ]Ɋ& ?!X@&r F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=08f53585-dfe6-4a8d-906f-fe705fbe981d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**@&r ]Ɋ& ;!X@&r F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=08f53585-dfe6-4a8d-906f-fe705fbe981d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@&r ]Ɋ& 3!X@&r F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=08f53585-dfe6-4a8d-906f-fe705fbe981d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsh** @&r ]Ɋ& 3!X@&r  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=08f53585-dfe6-4a8d-906f-fe705fbe981d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** @&r ]Ɋ& 5!X@&r  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=08f53585-dfe6-4a8d-906f-fe705fbe981d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=re**0 @&r ]Ɋ& !@&r  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=08f53585-dfe6-4a8d-906f-fe705fbe981d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7c745237-5cbb-42d5-ba60-2088c8a0a7c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@ @&r ]Ɋ& !@&r  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=08f53585-dfe6-4a8d-906f-fe705fbe981d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7c745237-5cbb-42d5-ba60-2088c8a0a7c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se@** Gt ]Ɋ& )!XGt  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d471373-d440-4349-be7d-476e5c718642 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3fe-**Gt ]Ɋ& A!XGt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d471373-d440-4349-be7d-476e5c718642 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=C**Gt ]Ɋ& =!XGt F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d471373-d440-4349-be7d-476e5c718642 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Gt ]Ɋ& 5!XGt F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d471373-d440-4349-be7d-476e5c718642 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Gt ]Ɋ& 5!XGt F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d471373-d440-4349-be7d-476e5c718642 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=k;**Gt ]Ɋ& 7!XGt F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d471373-d440-4349-be7d-476e5c718642 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**0Gt ]Ɋ& !Gt F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d471373-d440-4349-be7d-476e5c718642 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=041c9c31-8b8e-4c60-afbb-d99b170d8541 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=90**@ɴHt ]Ɋ& !ɴHt F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d471373-d440-4349-be7d-476e5c718642 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=041c9c31-8b8e-4c60-afbb-d99b170d8541 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e |@**X_MIt ]Ɋ& !X_MIt F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=44decc93-7761-4047-8263-b87c8579f35c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pdaX**p_MIt ]Ɋ& !X_MIt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=44decc93-7761-4047-8263-b87c8579f35c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nEnp**h_MIt ]Ɋ& !X_MIt F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=44decc93-7761-4047-8263-b87c8579f35c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th**`_MIt ]Ɋ& !X_MIt F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=44decc93-7761-4047-8263-b87c8579f35c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`_MIt ]Ɋ& !X_MIt F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=44decc93-7761-4047-8263-b87c8579f35c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h_MIt ]Ɋ& !X_MIt F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=44decc93-7761-4047-8263-b87c8579f35c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ruh**_MIt ]Ɋ&  !_MIt F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=44decc93-7761-4047-8263-b87c8579f35c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0bd1c1b-e28c-4205-ab88-26979d470435 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pipe**_MIt ]Ɋ& !_MIt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=44decc93-7761-4047-8263-b87c8579f35c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0bd1c1b-e28c-4205-ab88-26979d470435 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**8_MIt ]Ɋ& !X_MIt F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=37ddfd02-e688-4f12-90cf-f7b9c21f746a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**P_MIt ]Ɋ& !X_MIt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=37ddfd02-e688-4f12-90cf-f7b9c21f746a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=unP**P_MIt ]Ɋ& !X_MIt F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=37ddfd02-e688-4f12-90cf-f7b9c21f746a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gineP**H _MIt ]Ɋ& !X_MIt  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=37ddfd02-e688-4f12-90cf-f7b9c21f746a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 65H**H!_MIt ]Ɋ& !X_MIt! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=37ddfd02-e688-4f12-90cf-f7b9c21f746a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StriH**H"_MIt ]Ɋ& !X_MIt" F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=37ddfd02-e688-4f12-90cf-f7b9c21f746a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oluH**#_MIt ]Ɋ& !_MIt# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=37ddfd02-e688-4f12-90cf-f7b9c21f746a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d69593c7-17e4-4edc-9901-fda16776192c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=553**$It ]Ɋ& !It$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=37ddfd02-e688-4f12-90cf-f7b9c21f746a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d69593c7-17e4-4edc-9901-fda16776192c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**X%It ]Ɋ& !XIt% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fe852a4c-63a3-4a19-aa6e-871c9b58f6ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arseX**p&It ]Ɋ& !XIt& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fe852a4c-63a3-4a19-aa6e-871c9b58f6ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**h'It ]Ɋ& !XIt' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fe852a4c-63a3-4a19-aa6e-871c9b58f6ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eqh**`(It ]Ɋ& !XIt( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fe852a4c-63a3-4a19-aa6e-871c9b58f6ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`)It ]Ɋ& !XIt) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fe852a4c-63a3-4a19-aa6e-871c9b58f6ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri`**`*It ]Ɋ& !XIt* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fe852a4c-63a3-4a19-aa6e-871c9b58f6ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`ElfChnk+[+[` +z Mu=VysMc&&**+It ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !It+ F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fe852a4c-63a3-4a19-aa6e-871c9b58f6ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0f56de26-a61e-4e19-b38e-7fff5a976c51 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**,It ]Ɋ& !It, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fe852a4c-63a3-4a19-aa6e-871c9b58f6ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0f56de26-a61e-4e19-b38e-7fff5a976c51 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 **(-~Jt ]Ɋ& !X~Jt- F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3686647f-5ce3-43e4-ad36-799ddbad3ce4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@.~Jt ]Ɋ& !X~Jt. F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3686647f-5ce3-43e4-ad36-799ddbad3ce4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@/~Jt ]Ɋ& !X~Jt/ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3686647f-5ce3-43e4-ad36-799ddbad3ce4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | @**80~Jt ]Ɋ& !X~Jt0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3686647f-5ce3-43e4-ad36-799ddbad3ce4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Se8**81~Jt ]Ɋ& !X~Jt1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3686647f-5ce3-43e4-ad36-799ddbad3ce4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS8**82~Jt ]Ɋ& !X~Jt2 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3686647f-5ce3-43e4-ad36-799ddbad3ce4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H8**3~Jt ]Ɋ& !~Jt3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3686647f-5ce3-43e4-ad36-799ddbad3ce4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=15f79b4e-e074-4e06-9b15-e71c468d3d28 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si**4#Kt ]Ɋ& !#Kt4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3686647f-5ce3-43e4-ad36-799ddbad3ce4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=15f79b4e-e074-4e06-9b15-e71c468d3d28 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obal**X5@COt ]Ɋ& !X@COt5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f5c9a3b4-fa01-4c18-89e0-82910eeb7010 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p6@COt ]Ɋ& !X@COt6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f5c9a3b4-fa01-4c18-89e0-82910eeb7010 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.p**p7@COt ]Ɋ& !X@COt7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f5c9a3b4-fa01-4c18-89e0-82910eeb7010 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e.pp**h8@COt ]Ɋ& !X@COt8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f5c9a3b4-fa01-4c18-89e0-82910eeb7010 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n.Ch**h9@COt ]Ɋ& !X@COt9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f5c9a3b4-fa01-4c18-89e0-82910eeb7010 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=655h**h:@COt ]Ɋ& !X@COt: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f5c9a3b4-fa01-4c18-89e0-82910eeb7010 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pah**;@COt ]Ɋ&  !@COt; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f5c9a3b4-fa01-4c18-89e0-82910eeb7010 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=97f35c79-54b2-4d8d-902f-1d1e83f50247 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**<Ot ]Ɋ& !Ot< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f5c9a3b4-fa01-4c18-89e0-82910eeb7010 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=97f35c79-54b2-4d8d-902f-1d1e83f50247 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**=Ot ]Ɋ& '!XOt= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=39634176-18ff-4730-9656-376531318c19 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**>Ot ]Ɋ& ?!XOt> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=39634176-18ff-4730-9656-376531318c19 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**?Ot ]Ɋ& ;!XOt? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=39634176-18ff-4730-9656-376531318c19 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@Ot ]Ɋ& 3!XOt@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=39634176-18ff-4730-9656-376531318c19 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ati**AOt ]Ɋ& 3!XOtA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=39634176-18ff-4730-9656-376531318c19 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**BOt ]Ɋ& 5!XOtB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=39634176-18ff-4730-9656-376531318c19 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**0COt ]Ɋ& !OtC F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=39634176-18ff-4730-9656-376531318c19 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4680f8d4-7f60-4f82-8b1a-ec6ef383221e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@D Qt ]Ɋ& ! QtD F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=39634176-18ff-4730-9656-376531318c19 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4680f8d4-7f60-4f82-8b1a-ec6ef383221e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stri@**Ev ]Ɋ& )!XvE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b3643643-18c2-434f-9c7b-30f74c350147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tanc**Fv ]Ɋ& A!XvF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b3643643-18c2-434f-9c7b-30f74c350147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1-40**Gv ]Ɋ& =!XvG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b3643643-18c2-434f-9c7b-30f74c350147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Hv ]Ɋ& 5!XvH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b3643643-18c2-434f-9c7b-30f74c350147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**Iv ]Ɋ& 5!XvI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b3643643-18c2-434f-9c7b-30f74c350147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Jv ]Ɋ& 7!XvJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b3643643-18c2-434f-9c7b-30f74c350147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0Kv ]Ɋ& !vK F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b3643643-18c2-434f-9c7b-30f74c350147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c59b000f-62fd-4759-8531-a9518b649e2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m0**@LBNv ]Ɋ& !BNvL F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b3643643-18c2-434f-9c7b-30f74c350147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c59b000f-62fd-4759-8531-a9518b649e2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P@**XMv ]Ɋ& !XvM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=31c16c95-6337-495f-9a87-fed5f833d94c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0X**pNv ]Ɋ& !XvN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=31c16c95-6337-495f-9a87-fed5f833d94c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=inep**hOv ]Ɋ& !XvO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=31c16c95-6337-495f-9a87-fed5f833d94c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Rh**`Pv ]Ɋ& !XvP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=31c16c95-6337-495f-9a87-fed5f833d94c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`Qv ]Ɋ& !XvQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=31c16c95-6337-495f-9a87-fed5f833d94c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I`**hRv ]Ɋ& !XvR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=31c16c95-6337-495f-9a87-fed5f833d94c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nameh**Sov ]Ɋ&  !ovS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=31c16c95-6337-495f-9a87-fed5f833d94c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2e49e2dd-b66b-49cb-9789-947559d253ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand**Tov ]Ɋ& !ovT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=31c16c95-6337-495f-9a87-fed5f833d94c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2e49e2dd-b66b-49cb-9789-947559d253ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8Uov ]Ɋ& !XovU F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=984d6d86-3ce6-4565-b329-ff925496b8b3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sc8**PVov ]Ɋ& !XovV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=984d6d86-3ce6-4565-b329-ff925496b8b3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**PWov ]Ɋ& !XovW F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=984d6d86-3ce6-4565-b329-ff925496b8b3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== P**HXov ]Ɋ& !XovX F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=984d6d86-3ce6-4565-b329-ff925496b8b3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eId=H**HYov ]Ɋ& !XovY F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=984d6d86-3ce6-4565-b329-ff925496b8b3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d= H**HZov ]Ɋ& !XovZ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=984d6d86-3ce6-4565-b329-ff925496b8b3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RH**[ov ]Ɋ& !ov[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=984d6d86-3ce6-4565-b329-ff925496b8b3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7929cdf0-f083-41d8-91de-18de549d4eb2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= mmandName=  ]Ɋ& CommandPath= CommvElfChnk\\H&Mu=VysMc&&**\v ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !v\ F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=984d6d86-3ce6-4565-b329-ff925496b8b3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7929cdf0-f083-41d8-91de-18de549d4eb2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**X]v ]Ɋ& !Xv] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=add1a34c-f009-4c17-a072-fb4ecf2c274c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**p^v ]Ɋ& !Xv^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=add1a34c-f009-4c17-a072-fb4ecf2c274c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**h_v ]Ɋ& !Xv_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=add1a34c-f009-4c17-a072-fb4ecf2c274c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**``v ]Ɋ& !Xv` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=add1a34c-f009-4c17-a072-fb4ecf2c274c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`av ]Ɋ& !Xva F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=add1a34c-f009-4c17-a072-fb4ecf2c274c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`bv ]Ɋ& !Xvb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=add1a34c-f009-4c17-a072-fb4ecf2c274c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**cv ]Ɋ& !vc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=add1a34c-f009-4c17-a072-fb4ecf2c274c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4df722ee-0b9e-4dbd-931d-df7f95106b9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=J**dv ]Ɋ& !vd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=add1a34c-f009-4c17-a072-fb4ecf2c274c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4df722ee-0b9e-4dbd-931d-df7f95106b9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(ev ]Ɋ& !Xve F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e758be9f-f5cd-4ecc-89ca-92573c823967 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d(**@fv ]Ɋ& !Xvf F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e758be9f-f5cd-4ecc-89ca-92573c823967 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@gv ]Ɋ& !Xvg F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e758be9f-f5cd-4ecc-89ca-92573c823967 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8hv ]Ɋ& !Xvh F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e758be9f-f5cd-4ecc-89ca-92573c823967 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8iv ]Ɋ& !Xvi F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e758be9f-f5cd-4ecc-89ca-92573c823967 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8jv ]Ɋ& !Xvj F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e758be9f-f5cd-4ecc-89ca-92573c823967 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**kv ]Ɋ& !vk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e758be9f-f5cd-4ecc-89ca-92573c823967 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4ff169fd-4677-4380-adb4-3f115dccc474 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **l2Iv ]Ɋ& !2Ivl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e758be9f-f5cd-4ecc-89ca-92573c823967 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4ff169fd-4677-4380-adb4-3f115dccc474 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**Xm#Dv ]Ɋ& !X#Dvm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cdc04878-a7dd-4f38-8552-6a45ca091918 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pn#Dv ]Ɋ& !X#Dvn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cdc04878-a7dd-4f38-8552-6a45ca091918 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**po#Dv ]Ɋ& !X#Dvo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cdc04878-a7dd-4f38-8552-6a45ca091918 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**hp#Dv ]Ɋ& !X#Dvp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cdc04878-a7dd-4f38-8552-6a45ca091918 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**hq#Dv ]Ɋ& !X#Dvq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cdc04878-a7dd-4f38-8552-6a45ca091918 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**hr#Dv ]Ɋ& !X#Dvr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cdc04878-a7dd-4f38-8552-6a45ca091918 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**s#Dv ]Ɋ&  !#Dvs F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cdc04878-a7dd-4f38-8552-6a45ca091918 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8970cda7-ef90-4e06-8910-d5bd74bacf0a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**tv ]Ɋ& !vt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cdc04878-a7dd-4f38-8552-6a45ca091918 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8970cda7-ef90-4e06-8910-d5bd74bacf0a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**uPuv ]Ɋ& '!XPuvu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0ffbdd03-cef5-471a-9696-c03cb57710f3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **vPuv ]Ɋ& ?!XPuvv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0ffbdd03-cef5-471a-9696-c03cb57710f3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**wPuv ]Ɋ& ;!XPuvw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0ffbdd03-cef5-471a-9696-c03cb57710f3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**xPuv ]Ɋ& 3!XPuvx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0ffbdd03-cef5-471a-9696-c03cb57710f3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **yPuv ]Ɋ& 3!XPuvy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0ffbdd03-cef5-471a-9696-c03cb57710f3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**zPuv ]Ɋ& 5!XPuvz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0ffbdd03-cef5-471a-9696-c03cb57710f3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0{Puv ]Ɋ& !Puv{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0ffbdd03-cef5-471a-9696-c03cb57710f3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ca1f74d4-0cfa-4a0a-baa1-99135d0b023b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@| v ]Ɋ& ! v| F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0ffbdd03-cef5-471a-9696-c03cb57710f3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ca1f74d4-0cfa-4a0a-baa1-99135d0b023b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-a95@**}0y ]Ɋ& )!X0y} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e758b003-ec20-454e-aef4-fb4cc99e9764 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**~0y ]Ɋ& A!X0y~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e758b003-ec20-454e-aef4-fb4cc99e9764 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**0y ]Ɋ& =!X0y F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e758b003-ec20-454e-aef4-fb4cc99e9764 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fe**0y ]Ɋ& 5!X0y F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e758b003-ec20-454e-aef4-fb4cc99e9764 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**0y ]Ɋ& 5!X0y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e758b003-ec20-454e-aef4-fb4cc99e9764 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**0y ]Ɋ& 7!X0y F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e758b003-ec20-454e-aef4-fb4cc99e9764 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**00y ]Ɋ& !0y F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e758b003-ec20-454e-aef4-fb4cc99e9764 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=62de293c-7ff8-4c04-9daf-2080414a528c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@'L0y ]Ɋ& !'L0y F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e758b003-ec20-454e-aef4-fb4cc99e9764 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=62de293c-7ff8-4c04-9daf-2080414a528c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**X0y ]Ɋ& !X0y F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=33c80957-d14f-4368-9122-3a9bdea19612 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**p0y ]Ɋ& !X0y F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=33c80957-d14f-4368-9122-3a9bdea19612 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h0y ]Ɋ& !X0y F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=33c80957-d14f-4368-9122-3a9bdea19612 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`0y ]Ɋ& !X0y F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=33c80957-d14f-4368-9122-3a9bdea19612 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`0y ]Ɋ& !X0y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=33c80957-d14f-4368-9122-3a9bdea19612 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**h0y ]Ɋ& !X0y F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=33c80957-d14f-4368-9122-3a9bdea19612 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Zh**0y ]Ɋ&  !0y F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=33c80957-d14f-4368-9122-3a9bdea19612 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa486c6c-7ca1-4e50-a28e-1f7baffc0772 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!ov ]Ɋ& at0y F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=33c80957-d14f-4368-9122-3a9bdea19612 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa486c6c-7ca1-4e50-a28e-1f7baffc0772 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk@΄V^ Mu=VysMc&&**0y ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !0y F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=33c80957-d14f-4368-9122-3a9bdea19612 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa486c6c-7ca1-4e50-a28e-1f7baffc0772 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**80y ]Ɋ& !X0y F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d2d9a097-85e5-4206-b7c7-ccac3e589b13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=om8**P0y ]Ɋ& !X0y F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d2d9a097-85e5-4206-b7c7-ccac3e589b13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**P0y ]Ɋ& !X0y F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d2d9a097-85e5-4206-b7c7-ccac3e589b13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaP**H0y ]Ɋ& !X0y F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d2d9a097-85e5-4206-b7c7-ccac3e589b13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iptNH**H0y ]Ɋ& !X0y F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d2d9a097-85e5-4206-b7c7-ccac3e589b13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTypH**H0y ]Ɋ& !X0y F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d2d9a097-85e5-4206-b7c7-ccac3e589b13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**0y ]Ɋ& !0y F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d2d9a097-85e5-4206-b7c7-ccac3e589b13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0aa3d82f-9fc5-4079-8944-015f99263ec9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **G0y ]Ɋ& !G0y F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d2d9a097-85e5-4206-b7c7-ccac3e589b13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0aa3d82f-9fc5-4079-8944-015f99263ec9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XG0y ]Ɋ& !XG0y F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2e1831c5-3b32-44fd-862b-b5638e2ec9f2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulX**pG0y ]Ɋ& !XG0y F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2e1831c5-3b32-44fd-862b-b5638e2ec9f2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={ [p**hG0y ]Ɋ& !XG0y F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2e1831c5-3b32-44fd-862b-b5638e2ec9f2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9ch**`G0y ]Ɋ& !XG0y F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2e1831c5-3b32-44fd-862b-b5638e2ec9f2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rS`**`G0y ]Ɋ& !XG0y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2e1831c5-3b32-44fd-862b-b5638e2ec9f2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`G0y ]Ɋ& !XG0y F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2e1831c5-3b32-44fd-862b-b5638e2ec9f2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**G0y ]Ɋ& !G0y F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2e1831c5-3b32-44fd-862b-b5638e2ec9f2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fda5db5-6b98-4edf-9f7d-5d374ca3af1e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-**G0y ]Ɋ& !G0y F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2e1831c5-3b32-44fd-862b-b5638e2ec9f2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fda5db5-6b98-4edf-9f7d-5d374ca3af1e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ure**(0y ]Ɋ& !X0y F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c43746dd-9648-4f32-8527-e4c8627f6a1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v(**@0y ]Ɋ& !X0y F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c43746dd-9648-4f32-8527-e4c8627f6a1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=K@**@0y ]Ɋ& !X0y F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c43746dd-9648-4f32-8527-e4c8627f6a1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=@**80y ]Ɋ& !X0y F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c43746dd-9648-4f32-8527-e4c8627f6a1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F8**80y ]Ɋ& !X0y F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c43746dd-9648-4f32-8527-e4c8627f6a1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam8**80y ]Ɋ& !X0y F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c43746dd-9648-4f32-8527-e4c8627f6a1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Gl8**0y ]Ɋ& !0y F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c43746dd-9648-4f32-8527-e4c8627f6a1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=21b8c52c-6243-4153-9054-9bff382c1dfd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**B0y ]Ɋ& !B0y F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c43746dd-9648-4f32-8527-e4c8627f6a1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=21b8c52c-6243-4153-9054-9bff382c1dfd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tall**X0y ]Ɋ& !X0y F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0bdc2caa-7022-40f7-8934-586d362d9527 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\X**p0y ]Ɋ& !X0y F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0bdc2caa-7022-40f7-8934-586d362d9527 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\p**p0y ]Ɋ& !X0y F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0bdc2caa-7022-40f7-8934-586d362d9527 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=help**h0y ]Ɋ& !X0y F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0bdc2caa-7022-40f7-8934-586d362d9527 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ct h**h0y ]Ɋ& !X0y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0bdc2caa-7022-40f7-8934-586d362d9527 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n';h**h0y ]Ɋ& !X0y F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0bdc2caa-7022-40f7-8934-586d362d9527 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=([h**0y ]Ɋ&  !0y F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0bdc2caa-7022-40f7-8934-586d362d9527 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c2bc950-9cdf-45ab-a2c5-1969276bfb3f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta**S0y ]Ɋ& !S0y F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0bdc2caa-7022-40f7-8934-586d362d9527 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c2bc950-9cdf-45ab-a2c5-1969276bfb3f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omma**i 0y ]Ɋ& '!Xi 0y F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=59a3473e-1a6a-4142-85b0-64981799ab96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**i 0y ]Ɋ& ?!Xi 0y F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=59a3473e-1a6a-4142-85b0-64981799ab96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f**i 0y ]Ɋ& ;!Xi 0y F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=59a3473e-1a6a-4142-85b0-64981799ab96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt **i 0y ]Ɋ& 3!Xi 0y F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=59a3473e-1a6a-4142-85b0-64981799ab96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=**i 0y ]Ɋ& 3!Xi 0y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=59a3473e-1a6a-4142-85b0-64981799ab96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**i 0y ]Ɋ& 5!Xi 0y F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=59a3473e-1a6a-4142-85b0-64981799ab96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0i 0y ]Ɋ& !i 0y F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=59a3473e-1a6a-4142-85b0-64981799ab96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4df22ca9-6f4a-4210-99d1-ee09ba987eaf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@!0y ]Ɋ& !!0y F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=59a3473e-1a6a-4142-85b0-64981799ab96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4df22ca9-6f4a-4210-99d1-ee09ba987eaf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w@**e1{ ]Ɋ& )!Xe1{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a96476b7-0852-49b6-8470-fc33a6d33204 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nter**e1{ ]Ɋ& A!Xe1{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a96476b7-0852-49b6-8470-fc33a6d33204 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lica**e1{ ]Ɋ& =!Xe1{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a96476b7-0852-49b6-8470-fc33a6d33204 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**e1{ ]Ɋ& 5!Xe1{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a96476b7-0852-49b6-8470-fc33a6d33204 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**e1{ ]Ɋ& 5!Xe1{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a96476b7-0852-49b6-8470-fc33a6d33204 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Va**e1{ ]Ɋ& 7!Xe1{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a96476b7-0852-49b6-8470-fc33a6d33204 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0(1{ ]Ɋ& !(1{ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a96476b7-0852-49b6-8470-fc33a6d33204 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=38df7552-487d-4559-9f8a-811e6cec0cdb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@U/3{ ]Ɋ& !U/3{ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a96476b7-0852-49b6-8470-fc33a6d33204 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=38df7552-487d-4559-9f8a-811e6cec0cdb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=baf@0772 Pipel ]Ɋ& meX`4{ F&e=ElfChnkHEӔjMu=VysMc&&**X`4{ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ;!X`4{ F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e63b2fca-3156-488d-bfc3-76384493368f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p`4{ ]Ɋ& !X`4{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e63b2fca-3156-488d-bfc3-76384493368f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**h`4{ ]Ɋ& !X`4{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e63b2fca-3156-488d-bfc3-76384493368f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**``4{ ]Ɋ& !X`4{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e63b2fca-3156-488d-bfc3-76384493368f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**``4{ ]Ɋ& !X`4{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e63b2fca-3156-488d-bfc3-76384493368f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h`4{ ]Ɋ& !X`4{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e63b2fca-3156-488d-bfc3-76384493368f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h**`4{ ]Ɋ&  !`4{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e63b2fca-3156-488d-bfc3-76384493368f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fd3b6612-1a2c-4a63-8175-2efa10880413 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0y**`4{ ]Ɋ& !`4{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e63b2fca-3156-488d-bfc3-76384493368f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fd3b6612-1a2c-4a63-8175-2efa10880413 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**84{ ]Ɋ& !X4{ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=db9d9b3d-b2c8-4568-b34c-c93875690d83 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P4{ ]Ɋ& !X4{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=db9d9b3d-b2c8-4568-b34c-c93875690d83 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P4{ ]Ɋ& !X4{ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=db9d9b3d-b2c8-4568-b34c-c93875690d83 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H4{ ]Ɋ& !X4{ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=db9d9b3d-b2c8-4568-b34c-c93875690d83 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H4{ ]Ɋ& !X4{ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=db9d9b3d-b2c8-4568-b34c-c93875690d83 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=H**H4{ ]Ɋ& !X4{ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=db9d9b3d-b2c8-4568-b34c-c93875690d83 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**4{ ]Ɋ& !4{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=db9d9b3d-b2c8-4568-b34c-c93875690d83 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4f02aa83-3c00-4066-8e9d-a01e599f8be6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=G**4{ ]Ɋ& !4{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=db9d9b3d-b2c8-4568-b34c-c93875690d83 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4f02aa83-3c00-4066-8e9d-a01e599f8be6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X5{ ]Ɋ& !X5{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=35013bc7-61d5-4d00-901d-150e8c923487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p5{ ]Ɋ& !X5{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=35013bc7-61d5-4d00-901d-150e8c923487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**h5{ ]Ɋ& !X5{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=35013bc7-61d5-4d00-901d-150e8c923487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`5{ ]Ɋ& !X5{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=35013bc7-61d5-4d00-901d-150e8c923487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`5{ ]Ɋ& !X5{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=35013bc7-61d5-4d00-901d-150e8c923487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`5{ ]Ɋ& !X5{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=35013bc7-61d5-4d00-901d-150e8c923487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**5{ ]Ɋ& !5{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=35013bc7-61d5-4d00-901d-150e8c923487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d263fce3-35d6-46de-bebd-6daac58c386e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**5{ ]Ɋ& !5{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=35013bc7-61d5-4d00-901d-150e8c923487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d263fce3-35d6-46de-bebd-6daac58c386e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(6{ ]Ɋ& !X6{ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=60188c2e-8dd3-4fd4-9b55-8cd1e6e398d6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@6{ ]Ɋ& !X6{ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=60188c2e-8dd3-4fd4-9b55-8cd1e6e398d6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8@**@6{ ]Ɋ& !X6{ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=60188c2e-8dd3-4fd4-9b55-8cd1e6e398d6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**86{ ]Ɋ& !X6{ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=60188c2e-8dd3-4fd4-9b55-8cd1e6e398d6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**86{ ]Ɋ& !X6{ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=60188c2e-8dd3-4fd4-9b55-8cd1e6e398d6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0b8**86{ ]Ɋ& !X6{ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=60188c2e-8dd3-4fd4-9b55-8cd1e6e398d6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**6{ ]Ɋ& !6{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=60188c2e-8dd3-4fd4-9b55-8cd1e6e398d6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ad337a1f-2a1b-45a8-b025-73891c9d2ef5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**s[7{ ]Ɋ& !s[7{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=60188c2e-8dd3-4fd4-9b55-8cd1e6e398d6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ad337a1f-2a1b-45a8-b025-73891c9d2ef5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**XTQ={ ]Ɋ& !XTQ={ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=27247966-a913-48a0-8d0a-7d208d2ffab8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**pTQ={ ]Ɋ& !XTQ={ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=27247966-a913-48a0-8d0a-7d208d2ffab8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**pTQ={ ]Ɋ& !XTQ={ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=27247966-a913-48a0-8d0a-7d208d2ffab8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**hTQ={ ]Ɋ& !XTQ={ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=27247966-a913-48a0-8d0a-7d208d2ffab8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**hTQ={ ]Ɋ& !XTQ={ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=27247966-a913-48a0-8d0a-7d208d2ffab8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hTQ={ ]Ɋ& !XTQ={ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=27247966-a913-48a0-8d0a-7d208d2ffab8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**TQ={ ]Ɋ&  !TQ={ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=27247966-a913-48a0-8d0a-7d208d2ffab8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2cfd27b8-ffa6-4446-a896-9804c9146724 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**={ ]Ɋ& !={ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=27247966-a913-48a0-8d0a-7d208d2ffab8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2cfd27b8-ffa6-4446-a896-9804c9146724 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **?{ ]Ɋ& '!X?{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8ef7dd2a-7e8b-41db-bc4a-cad62663a662 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**?{ ]Ɋ& ?!X?{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8ef7dd2a-7e8b-41db-bc4a-cad62663a662 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**?{ ]Ɋ& ;!X?{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8ef7dd2a-7e8b-41db-bc4a-cad62663a662 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**?{ ]Ɋ& 3!X?{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8ef7dd2a-7e8b-41db-bc4a-cad62663a662 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**?{ ]Ɋ& 3!X?{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8ef7dd2a-7e8b-41db-bc4a-cad62663a662 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**?{ ]Ɋ& 5!X?{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8ef7dd2a-7e8b-41db-bc4a-cad62663a662 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0?{ ]Ɋ& !?{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8ef7dd2a-7e8b-41db-bc4a-cad62663a662 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5c44e6e7-2685-4344-8f94-9c4e37bed10c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@@{ ]Ɋ& !@{ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8ef7dd2a-7e8b-41db-bc4a-cad62663a662 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5c44e6e7-2685-4344-8f94-9c4e37bed10c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b @pelineId=  ]Ɋ& maX,@ } F&0772 Pipel ]Ɋ& meX`4{ F&e=ElfChnkhP-et-?Mu=VysMc&&**,@ } ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X,@ } F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=36e20e1f-8c3a-459b-897a-2ad9dc4f0b2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**,@ } ]Ɋ& A!X,@ } F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=36e20e1f-8c3a-459b-897a-2ad9dc4f0b2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**,@ } ]Ɋ& =!X,@ } F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=36e20e1f-8c3a-459b-897a-2ad9dc4f0b2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**,@ } ]Ɋ& 5!X,@ } F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=36e20e1f-8c3a-459b-897a-2ad9dc4f0b2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **,@ } ]Ɋ& 5!X,@ } F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=36e20e1f-8c3a-459b-897a-2ad9dc4f0b2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e6**,@ } ]Ɋ& 7!X,@ } F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=36e20e1f-8c3a-459b-897a-2ad9dc4f0b2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c**0,@ } ]Ɋ& !,@ } F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=36e20e1f-8c3a-459b-897a-2ad9dc4f0b2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=334a4d57-86cf-4531-817c-890c4c254b22 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@Yq } ]Ɋ& !Yq } F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=36e20e1f-8c3a-459b-897a-2ad9dc4f0b2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=334a4d57-86cf-4531-817c-890c4c254b22 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F@**X } ]Ɋ& !X } F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fa021abc-8b32-4816-b226-496796961fbe HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p } ]Ɋ& !X } F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fa021abc-8b32-4816-b226-496796961fbe HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!p**h } ]Ɋ& !X } F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fa021abc-8b32-4816-b226-496796961fbe HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` } ]Ɋ& !X } F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fa021abc-8b32-4816-b226-496796961fbe HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**` } ]Ɋ& !X } F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fa021abc-8b32-4816-b226-496796961fbe HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h } ]Ɋ& !X } F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fa021abc-8b32-4816-b226-496796961fbe HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tarth** } ]Ɋ&  ! } F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fa021abc-8b32-4816-b226-496796961fbe HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7e6f3819-5bae-4dd4-b7a4-45c676274efc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e ** } ]Ɋ& ! } F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fa021abc-8b32-4816-b226-496796961fbe HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7e6f3819-5bae-4dd4-b7a4-45c676274efc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mb**8;} ]Ɋ& !X;} F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5b35a743-eb88-4848-a4a2-e3a69d6b37d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne8**P;} ]Ɋ& !X;} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5b35a743-eb88-4848-a4a2-e3a69d6b37d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=P**P;} ]Ɋ& !X;} F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5b35a743-eb88-4848-a4a2-e3a69d6b37d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtedP**H;} ]Ɋ& !X;} F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5b35a743-eb88-4848-a4a2-e3a69d6b37d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FuH**H;} ]Ɋ& !X;} F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5b35a743-eb88-4848-a4a2-e3a69d6b37d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**H;} ]Ɋ& !X;} F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5b35a743-eb88-4848-a4a2-e3a69d6b37d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine={H**;} ]Ɋ& !;} F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5b35a743-eb88-4848-a4a2-e3a69d6b37d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=12768ff0-5a83-4614-bb2a-e502c8ad18b9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**;} ]Ɋ& !;} F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5b35a743-eb88-4848-a4a2-e3a69d6b37d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=12768ff0-5a83-4614-bb2a-e502c8ad18b9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X} ]Ɋ& !X} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=53e13141-c854-49da-95ab-e5fc7a9de274 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p} ]Ɋ& !X} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=53e13141-c854-49da-95ab-e5fc7a9de274 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe= p**h} ]Ɋ& !X} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=53e13141-c854-49da-95ab-e5fc7a9de274 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`} ]Ɋ& !X} F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=53e13141-c854-49da-95ab-e5fc7a9de274 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt`**` } ]Ɋ& !X}  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=53e13141-c854-49da-95ab-e5fc7a9de274 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**` } ]Ɋ& !X}  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=53e13141-c854-49da-95ab-e5fc7a9de274 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`** } ]Ɋ& !}  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=53e13141-c854-49da-95ab-e5fc7a9de274 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=014e9916-ced3-4503-bc50-f63596bb4ff3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** v} ]Ɋ& !v}  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=53e13141-c854-49da-95ab-e5fc7a9de274 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=014e9916-ced3-4503-bc50-f63596bb4ff3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**( v} ]Ɋ& !Xv}  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5e1d0b67-d984-4513-b34b-39734d394a52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@v} ]Ɋ& !Xv} F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5e1d0b67-d984-4513-b34b-39734d394a52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@v} ]Ɋ& !Xv} F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5e1d0b67-d984-4513-b34b-39734d394a52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o('@**8v} ]Ɋ& !Xv} F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5e1d0b67-d984-4513-b34b-39734d394a52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayV8**8v} ]Ɋ& !Xv} F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5e1d0b67-d984-4513-b34b-39734d394a52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8v} ]Ɋ& !Xv} F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5e1d0b67-d984-4513-b34b-39734d394a52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um8**v} ]Ɋ& !v} F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5e1d0b67-d984-4513-b34b-39734d394a52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b13e2e98-0093-4c70-ae1f-8054a30f69c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**} ]Ɋ& !} F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5e1d0b67-d984-4513-b34b-39734d394a52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b13e2e98-0093-4c70-ae1f-8054a30f69c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= **XH} ]Ɋ& !XH} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=58987ee6-4ded-44d0-a179-5aa9523961fa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rX**pH} ]Ɋ& !XH} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=58987ee6-4ded-44d0-a179-5aa9523961fa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**pH} ]Ɋ& !XH} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=58987ee6-4ded-44d0-a179-5aa9523961fa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7b8p**hH} ]Ɋ& !XH} F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=58987ee6-4ded-44d0-a179-5aa9523961fa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**hH} ]Ɋ& !XH} F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=58987ee6-4ded-44d0-a179-5aa9523961fa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hH} ]Ɋ& !XH} F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=58987ee6-4ded-44d0-a179-5aa9523961fa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**H} ]Ɋ&  !H} F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=58987ee6-4ded-44d0-a179-5aa9523961fa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6935c387-f1c5-4a9f-9d89-deeac82a064e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **u} ]Ɋ& !u} F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=58987ee6-4ded-44d0-a179-5aa9523961fa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6935c387-f1c5-4a9f-9d89-deeac82a064e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hell**} ]Ɋ& '!X} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6eacf132-780d-4a44-9912-f4abe5447398 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**} ]Ɋ& ?!X} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6eacf132-780d-4a44-9912-f4abe5447398 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-db-bc4a-cad6 ]Ɋ& reX} F&ame . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5c44e6e7-2685-4344-8f94-9c4e37bed10c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b @pelineId=  ]Ɋ& maX,@ } F&0772 Pipel ]Ɋ& meX`4{ F&e=ElfChnkQQ@7&Mu=VysMc&&** } ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X} F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6eacf132-780d-4a44-9912-f4abe5447398 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** } ]Ɋ& 3!X}  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6eacf132-780d-4a44-9912-f4abe5447398 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=,@ **!} ]Ɋ& 3!X}! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6eacf132-780d-4a44-9912-f4abe5447398 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9dc**"} ]Ɋ& 5!X}" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6eacf132-780d-4a44-9912-f4abe5447398 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0#} ]Ɋ& !}# F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6eacf132-780d-4a44-9912-f4abe5447398 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f5521947-afa5-4583-be90-a0b90fe8832e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@$8} ]Ɋ& !8}$ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6eacf132-780d-4a44-9912-f4abe5447398 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f5521947-afa5-4583-be90-a0b90fe8832e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com@**%B ]Ɋ& )!XB% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ba257ed8-79c0-4c6e-af53-fd25fca72517 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **&B ]Ɋ& A!XB& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ba257ed8-79c0-4c6e-af53-fd25fca72517 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tSta**'B ]Ɋ& =!XB' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ba257ed8-79c0-4c6e-af53-fd25fca72517 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**(B ]Ɋ& 5!XB( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ba257ed8-79c0-4c6e-af53-fd25fca72517 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**)B ]Ɋ& 5!XB) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ba257ed8-79c0-4c6e-af53-fd25fca72517 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ve***B ]Ɋ& 7!XB* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ba257ed8-79c0-4c6e-af53-fd25fca72517 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**0+B ]Ɋ& !B+ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ba257ed8-79c0-4c6e-af53-fd25fca72517 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2322293d-088a-4e1f-9720-db711a08432a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@,5B ]Ɋ& !5B, F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ba257ed8-79c0-4c6e-af53-fd25fca72517 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2322293d-088a-4e1f-9720-db711a08432a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**X-5B ]Ɋ& !X5B- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=714cf3ae-6970-44c2-9483-6f74e723faf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p.5B ]Ɋ& !X5B. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=714cf3ae-6970-44c2-9483-6f74e723faf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h/5B ]Ɋ& !X5B/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=714cf3ae-6970-44c2-9483-6f74e723faf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`05B ]Ɋ& !X5B0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=714cf3ae-6970-44c2-9483-6f74e723faf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`15B ]Ɋ& !X5B1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=714cf3ae-6970-44c2-9483-6f74e723faf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h25B ]Ɋ& !X5B2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=714cf3ae-6970-44c2-9483-6f74e723faf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ailah**35B ]Ɋ&  !5B3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=714cf3ae-6970-44c2-9483-6f74e723faf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a0022a73-09bb-44ed-9188-416137e365c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= New**4˵B ]Ɋ& !˵B4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=714cf3ae-6970-44c2-9483-6f74e723faf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a0022a73-09bb-44ed-9188-416137e365c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne**85˵B ]Ɋ& !X˵B5 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=50793e9a-3572-460d-a183-680609d8f993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P8**P6˵B ]Ɋ& !X˵B6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=50793e9a-3572-460d-a183-680609d8f993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=SyP**P7˵B ]Ɋ& !X˵B7 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=50793e9a-3572-460d-a183-680609d8f993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**H8˵B ]Ɋ& !X˵B8 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=50793e9a-3572-460d-a183-680609d8f993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H9˵B ]Ɋ& !X˵B9 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=50793e9a-3572-460d-a183-680609d8f993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=XH**H:˵B ]Ɋ& !X˵B: F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=50793e9a-3572-460d-a183-680609d8f993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**;˵B ]Ɋ& !˵B; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=50793e9a-3572-460d-a183-680609d8f993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fe08b247-cdec-40aa-8e60-af7fda3ba04d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**<˵B ]Ɋ& !˵B< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=50793e9a-3572-460d-a183-680609d8f993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fe08b247-cdec-40aa-8e60-af7fda3ba04d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X=bNB ]Ɋ& !XbNB= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=02dbf900-0c5b-4b8b-a219-5b10e45e0dbb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p>bNB ]Ɋ& !XbNB> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=02dbf900-0c5b-4b8b-a219-5b10e45e0dbb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**h?bNB ]Ɋ& !XbNB? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=02dbf900-0c5b-4b8b-a219-5b10e45e0dbb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arh**`@bNB ]Ɋ& !XbNB@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=02dbf900-0c5b-4b8b-a219-5b10e45e0dbb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4a`**`AbNB ]Ɋ& !XbNBA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=02dbf900-0c5b-4b8b-a219-5b10e45e0dbb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed`**`BbNB ]Ɋ& !XbNBB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=02dbf900-0c5b-4b8b-a219-5b10e45e0dbb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**CbNB ]Ɋ& !bNBC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=02dbf900-0c5b-4b8b-a219-5b10e45e0dbb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c1b1ebf2-e19b-4514-a3a7-c8bd426af234 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**DbNB ]Ɋ& !bNBD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=02dbf900-0c5b-4b8b-a219-5b10e45e0dbb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c1b1ebf2-e19b-4514-a3a7-c8bd426af234 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c70**(EbNB ]Ɋ& !XbNBE F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a9e21a62-8e31-4eda-979a-7372d777bb4a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@FbNB ]Ɋ& !XbNBF F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a9e21a62-8e31-4eda-979a-7372d777bb4a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='@**@GbNB ]Ɋ& !XbNBG F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a9e21a62-8e31-4eda-979a-7372d777bb4a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ows@**8HbNB ]Ɋ& !XbNBH F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a9e21a62-8e31-4eda-979a-7372d777bb4a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nso8**8IbNB ]Ɋ& !XbNBI F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a9e21a62-8e31-4eda-979a-7372d777bb4a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8JbNB ]Ɋ& !XbNBJ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a9e21a62-8e31-4eda-979a-7372d777bb4a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pa8**KbNB ]Ɋ& !bNBK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a9e21a62-8e31-4eda-979a-7372d777bb4a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e5914173-f777-48ee-8ddf-ee8f57be370e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**LB ]Ɋ& !BL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a9e21a62-8e31-4eda-979a-7372d777bb4a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e5914173-f777-48ee-8ddf-ee8f57be370e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sher**XMRIB ]Ɋ& !XRIBM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=40dac928-724e-4e02-8ef1-8fb8e4947de1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pNRIB ]Ɋ& !XRIBN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=40dac928-724e-4e02-8ef1-8fb8e4947de1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**pORIB ]Ɋ& !XRIBO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=40dac928-724e-4e02-8ef1-8fb8e4947de1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insp**hPRIB ]Ɋ& !XRIBP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=40dac928-724e-4e02-8ef1-8fb8e4947de1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edoh**hQRIB ]Ɋ& !XRIBQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=40dac928-724e-4e02-8ef1-8fb8e4947de1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= hɊ& ]Ɋ& XRIBR F&]Ɋ& meX`4{ F&e=ElfChnkRRHh6 Mu=VysMc&&**p RRIB ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!XRIBR F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=40dac928-724e-4e02-8ef1-8fb8e4947de1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Xp **SRIB ]Ɋ&  !RIBS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=40dac928-724e-4e02-8ef1-8fb8e4947de1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8bb4fc1c-03dd-4c18-bb97-e323d2cf6e39 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc**TB ]Ɋ& !BT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=40dac928-724e-4e02-8ef1-8fb8e4947de1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8bb4fc1c-03dd-4c18-bb97-e323d2cf6e39 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=atio**UB ]Ɋ& '!XBU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b2e837b7-bf90-490d-bf8c-9ec52aac9597 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=A**VB ]Ɋ& ?!XBV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b2e837b7-bf90-490d-bf8c-9ec52aac9597 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**WB ]Ɋ& ;!XBW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b2e837b7-bf90-490d-bf8c-9ec52aac9597 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost**XB ]Ɋ& 3!XBX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b2e837b7-bf90-490d-bf8c-9ec52aac9597 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**YB ]Ɋ& 3!XBY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b2e837b7-bf90-490d-bf8c-9ec52aac9597 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t **ZB ]Ɋ& 5!XBZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b2e837b7-bf90-490d-bf8c-9ec52aac9597 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0[B ]Ɋ& !B[ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b2e837b7-bf90-490d-bf8c-9ec52aac9597 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7ed3eaff-e0c5-4433-8da7-6ebac01ed5cd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=250**@\B ]Ɋ& !B\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b2e837b7-bf90-490d-bf8c-9ec52aac9597 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7ed3eaff-e0c5-4433-8da7-6ebac01ed5cd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**] ]Ɋ& )!X] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=35b6ed15-b213-46a7-9d7e-0aa57f9101a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**^ ]Ɋ& A!X^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=35b6ed15-b213-46a7-9d7e-0aa57f9101a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**_ ]Ɋ& =!X_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=35b6ed15-b213-46a7-9d7e-0aa57f9101a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la**` ]Ɋ& 5!X` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=35b6ed15-b213-46a7-9d7e-0aa57f9101a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**a ]Ɋ& 5!Xa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=35b6ed15-b213-46a7-9d7e-0aa57f9101a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**b ]Ɋ& 7!Xb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=35b6ed15-b213-46a7-9d7e-0aa57f9101a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**0c ]Ɋ& !c F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=35b6ed15-b213-46a7-9d7e-0aa57f9101a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4fb496f1-2e9f-4880-825a-d81aa4c7aef7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b0**@dF ]Ɋ& !Fd F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=35b6ed15-b213-46a7-9d7e-0aa57f9101a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4fb496f1-2e9f-4880-825a-d81aa4c7aef7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xe* ]Ɋ& !X*e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=73917410-7eb8-4471-9289-556b7394343e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pf* ]Ɋ& !X*f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=73917410-7eb8-4471-9289-556b7394343e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hg* ]Ɋ& !X*g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=73917410-7eb8-4471-9289-556b7394343e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`h* ]Ɋ& !X*h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=73917410-7eb8-4471-9289-556b7394343e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`i* ]Ɋ& !X*i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=73917410-7eb8-4471-9289-556b7394343e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hj* ]Ɋ& !X*j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=73917410-7eb8-4471-9289-556b7394343e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Vah**k* ]Ɋ&  !*k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=73917410-7eb8-4471-9289-556b7394343e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f3c47269-a5da-40da-91b0-b58a8fdfb815 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineS**l* ]Ɋ& !*l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=73917410-7eb8-4471-9289-556b7394343e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f3c47269-a5da-40da-91b0-b58a8fdfb815 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8m* ]Ɋ& !X*m F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d90d1a32-a3e9-4715-80da-aaa0906fb965 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=am8**Pn* ]Ɋ& !X*n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d90d1a32-a3e9-4715-80da-aaa0906fb965 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PP**Po* ]Ɋ& !X*o F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d90d1a32-a3e9-4715-80da-aaa0906fb965 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSyP**Hp* ]Ɋ& !X*p F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d90d1a32-a3e9-4715-80da-aaa0906fb965 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**Hq* ]Ɋ& !X*q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d90d1a32-a3e9-4715-80da-aaa0906fb965 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=BH**Hr* ]Ɋ& !X*r F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d90d1a32-a3e9-4715-80da-aaa0906fb965 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**sw ]Ɋ& !ws F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d90d1a32-a3e9-4715-80da-aaa0906fb965 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=73aa9228-41f1-4a87-a3c4-e51efec7a96e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**tw ]Ɋ& !wt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d90d1a32-a3e9-4715-80da-aaa0906fb965 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=73aa9228-41f1-4a87-a3c4-e51efec7a96e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XuW ]Ɋ& !XWu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9aacc738-96d6-42f2-a73d-f951f4da6c82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pvW ]Ɋ& !XWv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9aacc738-96d6-42f2-a73d-f951f4da6c82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**hwW ]Ɋ& !XWw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9aacc738-96d6-42f2-a73d-f951f4da6c82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`xW ]Ɋ& !XWx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9aacc738-96d6-42f2-a73d-f951f4da6c82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ps`**`yW ]Ɋ& !XWy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9aacc738-96d6-42f2-a73d-f951f4da6c82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`zW ]Ɋ& !XWz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9aacc738-96d6-42f2-a73d-f951f4da6c82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q`**{W ]Ɋ& !W{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9aacc738-96d6-42f2-a73d-f951f4da6c82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ecd84b10-e0a0-4b4a-9609-7b3013b0774c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**|W ]Ɋ& !W| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9aacc738-96d6-42f2-a73d-f951f4da6c82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ecd84b10-e0a0-4b4a-9609-7b3013b0774c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(}W ]Ɋ& !XW} F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0488a7bc-3ce0-47e7-8061-a88a16b00ae1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@~W ]Ɋ& !XW~ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0488a7bc-3ce0-47e7-8061-a88a16b00ae1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S@**@W ]Ɋ& !XW F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0488a7bc-3ce0-47e7-8061-a88a16b00ae1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=etC@**8W ]Ɋ& !XW F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0488a7bc-3ce0-47e7-8061-a88a16b00ae1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNa8**8W ]Ɋ& !XW F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0488a7bc-3ce0-47e7-8061-a88a16b00ae1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8W ]Ɋ& !XW F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0488a7bc-3ce0-47e7-8061-a88a16b00ae1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**W ]Ɋ& !W F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0488a7bc-3ce0-47e7-8061-a88a16b00ae1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=67a5072f-6b11-48e2-a868-cd688703da15 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**A ]Ɋ& !A F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0488a7bc-3ce0-47e7-8061-a88a16b00ae1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=67a5072f-6b11-48e2-a868-cd688703da15 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== riptName=  ]Ɋ& XG  F&XRIBR F&]Ɋ& meX`4{ F&e=ElfChnkHe%H1RMu=VysMc&&**` G  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ?!XG  F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=61e0bac9-bc8b-4bf5-97e2-41960166bf25 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne` **pG  ]Ɋ& !XG  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=61e0bac9-bc8b-4bf5-97e2-41960166bf25 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**pG  ]Ɋ& !XG  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=61e0bac9-bc8b-4bf5-97e2-41960166bf25 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pelp**hG  ]Ɋ& !XG  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=61e0bac9-bc8b-4bf5-97e2-41960166bf25 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**hG  ]Ɋ& !XG  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=61e0bac9-bc8b-4bf5-97e2-41960166bf25 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hG  ]Ɋ& !XG  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=61e0bac9-bc8b-4bf5-97e2-41960166bf25 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**G  ]Ɋ&  !G  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=61e0bac9-bc8b-4bf5-97e2-41960166bf25 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=814c300a-36fd-4d6c-b81f-8ab8420e14c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**ޣ ]Ɋ& !ޣ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=61e0bac9-bc8b-4bf5-97e2-41960166bf25 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=814c300a-36fd-4d6c-b81f-8ab8420e14c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**ޣ ]Ɋ& '!Xޣ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e283921e-928f-4883-a1ee-0d9f3e1930d8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**ޣ ]Ɋ& ?!Xޣ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e283921e-928f-4883-a1ee-0d9f3e1930d8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**ޣ ]Ɋ& ;!Xޣ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e283921e-928f-4883-a1ee-0d9f3e1930d8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7-9**ޣ ]Ɋ& 3!Xޣ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e283921e-928f-4883-a1ee-0d9f3e1930d8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_**ޣ ]Ɋ& 3!Xޣ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e283921e-928f-4883-a1ee-0d9f3e1930d8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9d7**ޣ ]Ɋ& 5!Xޣ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e283921e-928f-4883-a1ee-0d9f3e1930d8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**0ޣ ]Ɋ& !ޣ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e283921e-928f-4883-a1ee-0d9f3e1930d8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=13703d94-ae6c-4bce-ba10-5d64a3a2df98 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ir0**@  ]Ɋ& !  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e283921e-928f-4883-a1ee-0d9f3e1930d8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=13703d94-ae6c-4bce-ba10-5d64a3a2df98 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**  ]Ɋ& )!X  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2799e063-aed2-44c2-9788-df1745637d20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**  ]Ɋ& A!X  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2799e063-aed2-44c2-9788-df1745637d20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **  ]Ɋ& =!X  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2799e063-aed2-44c2-9788-df1745637d20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uc**  ]Ɋ& 5!X  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2799e063-aed2-44c2-9788-df1745637d20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cu**  ]Ɋ& 5!X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2799e063-aed2-44c2-9788-df1745637d20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **  ]Ɋ& 7!X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2799e063-aed2-44c2-9788-df1745637d20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0  ]Ɋ& !  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2799e063-aed2-44c2-9788-df1745637d20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=23854537-fc2f-43b1-9e10-073085b57a4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r0**@>  ]Ɋ& !>  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2799e063-aed2-44c2-9788-df1745637d20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=23854537-fc2f-43b1-9e10-073085b57a4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi@**X>  ]Ɋ& !X>  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=71a3ffc0-8e94-4330-95f1-ef0a1bce3683 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=*X**p>  ]Ɋ& !X>  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=71a3ffc0-8e94-4330-95f1-ef0a1bce3683 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Enp**h>  ]Ɋ& !X>  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=71a3ffc0-8e94-4330-95f1-ef0a1bce3683 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`>  ]Ɋ& !X>  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=71a3ffc0-8e94-4330-95f1-ef0a1bce3683 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v`**`>  ]Ɋ& !X>  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=71a3ffc0-8e94-4330-95f1-ef0a1bce3683 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g`**h>  ]Ɋ& !X>  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=71a3ffc0-8e94-4330-95f1-ef0a1bce3683 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovih**>  ]Ɋ&  !>  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=71a3ffc0-8e94-4330-95f1-ef0a1bce3683 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37a70b81-3011-4e08-9eeb-f8fb46bf3599 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**  ]Ɋ& !  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=71a3ffc0-8e94-4330-95f1-ef0a1bce3683 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37a70b81-3011-4e08-9eeb-f8fb46bf3599 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os**8  ]Ɋ& !X  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=863917d6-cb04-459e-ac36-36c17dd9760e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eN8**P  ]Ɋ& !X  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=863917d6-cb04-459e-ac36-36c17dd9760e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtP**P  ]Ɋ& !X  F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=863917d6-cb04-459e-ac36-36c17dd9760e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=roviP**H  ]Ɋ& !X  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=863917d6-cb04-459e-ac36-36c17dd9760e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ctioH**H  ]Ɋ& !X  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=863917d6-cb04-459e-ac36-36c17dd9760e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iderH**H  ]Ɋ& !X  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=863917d6-cb04-459e-ac36-36c17dd9760e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artH**Io  ]Ɋ& !Io  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=863917d6-cb04-459e-ac36-36c17dd9760e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08e74517-e847-4a9b-82e9-cf56e7048dd0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **Io  ]Ɋ& !Io  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=863917d6-cb04-459e-ac36-36c17dd9760e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08e74517-e847-4a9b-82e9-cf56e7048dd0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**XIo  ]Ɋ& !XIo  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=75aa9144-e9d7-4198-852d-33b739026f66 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=}X**pIo  ]Ɋ& !XIo  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=75aa9144-e9d7-4198-852d-33b739026f66 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommap**hIo  ]Ɋ& !XIo  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=75aa9144-e9d7-4198-852d-33b739026f66 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**`Io  ]Ɋ& !XIo  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=75aa9144-e9d7-4198-852d-33b739026f66 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m.`**`Io  ]Ɋ& !XIo  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=75aa9144-e9d7-4198-852d-33b739026f66 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`Io  ]Ɋ& !XIo  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=75aa9144-e9d7-4198-852d-33b739026f66 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**Io  ]Ɋ& !Io  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=75aa9144-e9d7-4198-852d-33b739026f66 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=151a6a0e-35d8-4675-9ac1-0e3d9a2a5498 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**  ]Ɋ& !  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=75aa9144-e9d7-4198-852d-33b739026f66 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=151a6a0e-35d8-4675-9ac1-0e3d9a2a5498 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(  ]Ɋ& !X  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=de9f7c43-9b66-4e19-84fc-4e6bddd45c7b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@  ]Ɋ& !X  F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=de9f7c43-9b66-4e19-84fc-4e6bddd45c7b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @riptName=  ]Ɋ& X  F&XRIBR F&]Ɋ& meX`4{ F&e=ElfChnkP@.:5Mu=VysMc&&**@   ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!X  F&F%g>9{p(xlMD EventDatauoData !BinarypFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=de9f7c43-9b66-4e19-84fc-4e6bddd45c7b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@ **8  ]Ɋ& !X  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=de9f7c43-9b66-4e19-84fc-4e6bddd45c7b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=llD8**8  ]Ɋ& !X  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=de9f7c43-9b66-4e19-84fc-4e6bddd45c7b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8  ]Ɋ& !X  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=de9f7c43-9b66-4e19-84fc-4e6bddd45c7b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**  ]Ɋ& !  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=de9f7c43-9b66-4e19-84fc-4e6bddd45c7b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0c0bd014-370a-4b9d-ae0f-3165f42dabcb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Re** 9  ]Ɋ& ! 9  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=de9f7c43-9b66-4e19-84fc-4e6bddd45c7b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0c0bd014-370a-4b9d-ae0f-3165f42dabcb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**Xg  ]Ɋ& !Xg  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=be5c6242-dbc0-4566-969f-60050f59e667 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nX**pg  ]Ɋ& !Xg  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=be5c6242-dbc0-4566-969f-60050f59e667 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pg  ]Ɋ& !Xg  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=be5c6242-dbc0-4566-969f-60050f59e667 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pp**hg  ]Ɋ& !Xg  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=be5c6242-dbc0-4566-969f-60050f59e667 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ch**hg  ]Ɋ& !Xg  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=be5c6242-dbc0-4566-969f-60050f59e667 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hg  ]Ɋ& !Xg  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=be5c6242-dbc0-4566-969f-60050f59e667 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**g  ]Ɋ&  !g  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=be5c6242-dbc0-4566-969f-60050f59e667 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2bd93c9f-25bb-4f3e-8b02-d713628350a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**3  ]Ɋ& !3  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=be5c6242-dbc0-4566-969f-60050f59e667 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2bd93c9f-25bb-4f3e-8b02-d713628350a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ix -**3  ]Ɋ& '!X3  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2e3a3830-3567-443f-8cb5-44e3cb7f5316 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**3  ]Ɋ& ?!X3  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2e3a3830-3567-443f-8cb5-44e3cb7f5316 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**3  ]Ɋ& ;!X3  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2e3a3830-3567-443f-8cb5-44e3cb7f5316 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-44**3  ]Ɋ& 3!X3  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2e3a3830-3567-443f-8cb5-44e3cb7f5316 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****3  ]Ɋ& 3!X3  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2e3a3830-3567-443f-8cb5-44e3cb7f5316 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4c2**3  ]Ɋ& 5!X3  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2e3a3830-3567-443f-8cb5-44e3cb7f5316 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0  ]Ɋ& !  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2e3a3830-3567-443f-8cb5-44e3cb7f5316 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7d5a7a26-248b-48b0-b452-64344591df1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne0**@*e  ]Ɋ& !*e  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2e3a3830-3567-443f-8cb5-44e3cb7f5316 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7d5a7a26-248b-48b0-b452-64344591df1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@** qL ]Ɋ& )!X qL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=671d2fb5-d012-4c8d-b630-0cea79973a3d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co** qL ]Ɋ& A!X qL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=671d2fb5-d012-4c8d-b630-0cea79973a3d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId** qL ]Ɋ& =!X qL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=671d2fb5-d012-4c8d-b630-0cea79973a3d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr** qL ]Ɋ& 5!X qL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=671d2fb5-d012-4c8d-b630-0cea79973a3d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/** qL ]Ɋ& 5!X qL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=671d2fb5-d012-4c8d-b630-0cea79973a3d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=36** qL ]Ɋ& 7!X qL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=671d2fb5-d012-4c8d-b630-0cea79973a3d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**0 qL ]Ɋ& ! qL F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=671d2fb5-d012-4c8d-b630-0cea79973a3d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1f392240-c28c-4bec-a7c4-9cbf20e285b7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@rL ]Ɋ& !rL F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=671d2fb5-d012-4c8d-b630-0cea79973a3d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1f392240-c28c-4bec-a7c4-9cbf20e285b7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=New@**X9&sL ]Ɋ& !X9&sL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=47deed16-5703-4c13-bfef-2efa050a919a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p9&sL ]Ɋ& !X9&sL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=47deed16-5703-4c13-bfef-2efa050a919a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h9&sL ]Ɋ& !X9&sL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=47deed16-5703-4c13-bfef-2efa050a919a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mh**`9&sL ]Ɋ& !X9&sL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=47deed16-5703-4c13-bfef-2efa050a919a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`9&sL ]Ɋ& !X9&sL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=47deed16-5703-4c13-bfef-2efa050a919a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**h9&sL ]Ɋ& !X9&sL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=47deed16-5703-4c13-bfef-2efa050a919a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPh**9&sL ]Ɋ&  !9&sL F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=47deed16-5703-4c13-bfef-2efa050a919a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e20a8ad1-768d-4221-904c-fd7e6de82fd8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**9&sL ]Ɋ& !9&sL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=47deed16-5703-4c13-bfef-2efa050a919a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e20a8ad1-768d-4221-904c-fd7e6de82fd8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **89&sL ]Ɋ& !X9&sL F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5edd63a1-d839-4607-8617-a08e7050b1b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ue8**P9&sL ]Ɋ& !X9&sL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5edd63a1-d839-4607-8617-a08e7050b1b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==SP**P9&sL ]Ɋ& !X9&sL F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5edd63a1-d839-4607-8617-a08e7050b1b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPP**H9&sL ]Ɋ& !X9&sL F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5edd63a1-d839-4607-8617-a08e7050b1b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==FunH**H9&sL ]Ɋ& !X9&sL F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5edd63a1-d839-4607-8617-a08e7050b1b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProvH**H9&sL ]Ɋ& !X9&sL F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5edd63a1-d839-4607-8617-a08e7050b1b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eSH**9&sL ]Ɋ& !9&sL F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5edd63a1-d839-4607-8617-a08e7050b1b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=17ca89f6-e03b-41cf-a0ee-ffd8867a37e8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**ϾsL ]Ɋ& !ϾsL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5edd63a1-d839-4607-8617-a08e7050b1b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=17ca89f6-e03b-41cf-a0ee-ffd8867a37e8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**XϾsL ]Ɋ& !XϾsL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b82d2d45-5aea-4b0e-97ad-40ee5bd24acf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pϾsL ]Ɋ& !XϾsL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b82d2d45-5aea-4b0e-97ad-40ee5bd24acf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**hϾsL ]Ɋ& !XϾsL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b82d2d45-5aea-4b0e-97ad-40ee5bd24acf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 h EngineVersi ]Ɋ&  XϾsL F&CommandPath= CommandLine= @riptName=  ]Ɋ& X  F&XRIBR F&]Ɋ& meX`4{ F&e=ElfChnkX0j[ymMu=VysMc&&**hϾsL ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!XϾsL F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b82d2d45-5aea-4b0e-97ad-40ee5bd24acf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sioh**`ϾsL ]Ɋ& !XϾsL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b82d2d45-5aea-4b0e-97ad-40ee5bd24acf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cu`**`ϾsL ]Ɋ& !XϾsL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b82d2d45-5aea-4b0e-97ad-40ee5bd24acf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@`**ϾsL ]Ɋ& !ϾsL F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b82d2d45-5aea-4b0e-97ad-40ee5bd24acf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=322992da-a8d5-43d8-b26a-82f6d0fda7ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **ϾsL ]Ɋ& !ϾsL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b82d2d45-5aea-4b0e-97ad-40ee5bd24acf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=322992da-a8d5-43d8-b26a-82f6d0fda7ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**(fWtL ]Ɋ& !XfWtL F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1c964786-2672-4e6c-ba1d-8ebc9ed68e02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@fWtL ]Ɋ& !XfWtL F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1c964786-2672-4e6c-ba1d-8ebc9ed68e02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m@**@fWtL ]Ɋ& !XfWtL F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1c964786-2672-4e6c-ba1d-8ebc9ed68e02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C@**8fWtL ]Ɋ& !XfWtL F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1c964786-2672-4e6c-ba1d-8ebc9ed68e02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8fWtL ]Ɋ& !XfWtL F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1c964786-2672-4e6c-ba1d-8ebc9ed68e02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8fWtL ]Ɋ& !XfWtL F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1c964786-2672-4e6c-ba1d-8ebc9ed68e02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE8**fWtL ]Ɋ& !fWtL F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1c964786-2672-4e6c-ba1d-8ebc9ed68e02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7300057c-7e2c-47e1-a4b7-a19e06da3ae9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**tL ]Ɋ& !tL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1c964786-2672-4e6c-ba1d-8ebc9ed68e02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7300057c-7e2c-47e1-a4b7-a19e06da3ae9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**X)!vL ]Ɋ& !X)!vL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=deae8f9d-975d-4a0f-ba50-41a0012f210f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p)!vL ]Ɋ& !X)!vL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=deae8f9d-975d-4a0f-ba50-41a0012f210f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**p)!vL ]Ɋ& !X)!vL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=deae8f9d-975d-4a0f-ba50-41a0012f210f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h)!vL ]Ɋ& !X)!vL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=deae8f9d-975d-4a0f-ba50-41a0012f210f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sth**h)!vL ]Ɋ& !X)!vL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=deae8f9d-975d-4a0f-ba50-41a0012f210f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Seqh**h)!vL ]Ɋ& !X)!vL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=deae8f9d-975d-4a0f-ba50-41a0012f210f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2eh**)!vL ]Ɋ&  !)!vL F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=deae8f9d-975d-4a0f-ba50-41a0012f210f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2500f9bf-f7cb-485e-a063-139ed181442a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **vL ]Ɋ& !vL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=deae8f9d-975d-4a0f-ba50-41a0012f210f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2500f9bf-f7cb-485e-a063-139ed181442a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=base**vL ]Ɋ& '!XvL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=96563249-9475-4043-a980-12eed79e59b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**vL ]Ɋ& ?!XvL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=96563249-9475-4043-a980-12eed79e59b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B**vL ]Ɋ& ;!XvL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=96563249-9475-4043-a980-12eed79e59b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eVe**vL ]Ɋ& 3!XvL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=96563249-9475-4043-a980-12eed79e59b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=F**vL ]Ɋ& 3!XvL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=96563249-9475-4043-a980-12eed79e59b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ers**vL ]Ɋ& 5!XvL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=96563249-9475-4043-a980-12eed79e59b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**0vL ]Ɋ& !vL F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=96563249-9475-4043-a980-12eed79e59b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=669ae80e-94ad-44e2-afd0-94de0f537361 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=280**@wL ]Ɋ& !wL F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=96563249-9475-4043-a980-12eed79e59b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=669ae80e-94ad-44e2-afd0-94de0f537361 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed @** ]Ɋ& )!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5e0456fd-bd85-4940-818e-44070542a0e1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& A!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5e0456fd-bd85-4940-818e-44070542a0e1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& =!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5e0456fd-bd85-4940-818e-44070542a0e1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** ]Ɋ& 5!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5e0456fd-bd85-4940-818e-44070542a0e1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**  ]Ɋ& 5!X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5e0456fd-bd85-4940-818e-44070542a0e1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**  ]Ɋ& 7!X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5e0456fd-bd85-4940-818e-44070542a0e1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**0  ]Ɋ& !  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5e0456fd-bd85-4940-818e-44070542a0e1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4895ba82-e9a9-42ff-9311-fa213a0a82df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@  ]Ɋ& !  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5e0456fd-bd85-4940-818e-44070542a0e1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4895ba82-e9a9-42ff-9311-fa213a0a82df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==47@**X  ]Ɋ& !X  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2d0f8fe8-9267-4e01-ac4d-5ee5a513f291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2d0f8fe8-9267-4e01-ac4d-5ee5a513f291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2d0f8fe8-9267-4e01-ac4d-5ee5a513f291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Hh**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2d0f8fe8-9267-4e01-ac4d-5ee5a513f291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2d0f8fe8-9267-4e01-ac4d-5ee5a513f291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7`**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2d0f8fe8-9267-4e01-ac4d-5ee5a513f291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=050bh** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2d0f8fe8-9267-4e01-ac4d-5ee5a513f291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c553e6f0-abc5-4c13-a536-115fc6d93031 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=us |** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2d0f8fe8-9267-4e01-ac4d-5ee5a513f291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c553e6f0-abc5-4c13-a536-115fc6d93031 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sE**8Gz ]Ɋ& !XGz F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=13448b63-8fc6-4f20-a887-cebe64a92928 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**PGz ]Ɋ& !XGz F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=13448b63-8fc6-4f20-a887-cebe64a92928 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liP**PGz ]Ɋ& !XGz F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=13448b63-8fc6-4f20-a887-cebe64a92928 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d24aP**HGz ]Ɋ& !XGz F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=13448b63-8fc6-4f20-a887-cebe64a92928 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH]Ɋ& ]Ɋ& {XGz ElfChnkIIH'YϢt4Mu=VysMc&&**HGz ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!XGz F&F%g>9{p(xlMD EventDatauoData !BinaryvRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=13448b63-8fc6-4f20-a887-cebe64a92928 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mH**HGz ]Ɋ& !XGz F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=13448b63-8fc6-4f20-a887-cebe64a92928 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**Gz ]Ɋ& !Gz F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=13448b63-8fc6-4f20-a887-cebe64a92928 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fd0468bf-77db-4b89-ad85-d95a0a8168ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Gz ]Ɋ& !Gz F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=13448b63-8fc6-4f20-a887-cebe64a92928 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fd0468bf-77db-4b89-ad85-d95a0a8168ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**XGz ]Ɋ& !XGz F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4f11600e-510a-4e33-9562-f30ffc8d5e8c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**pGz ]Ɋ& !XGz F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4f11600e-510a-4e33-9562-f30ffc8d5e8c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**hGz ]Ɋ& !XGz F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4f11600e-510a-4e33-9562-f30ffc8d5e8c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**` Gz ]Ɋ& !XGz  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4f11600e-510a-4e33-9562-f30ffc8d5e8c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`!Gz ]Ɋ& !XGz! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4f11600e-510a-4e33-9562-f30ffc8d5e8c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`"Gz ]Ɋ& !XGz" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4f11600e-510a-4e33-9562-f30ffc8d5e8c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**#Gz ]Ɋ& !Gz# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4f11600e-510a-4e33-9562-f30ffc8d5e8c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2266d6f5-58a2-4b8a-b78a-ca0fb8a9acb7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**$Gz ]Ɋ& !Gz$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4f11600e-510a-4e33-9562-f30ffc8d5e8c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2266d6f5-58a2-4b8a-b78a-ca0fb8a9acb7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(% ]Ɋ& !X% F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6b7ea44b-ce1a-4051-a9c3-46a4b4cc46a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@& ]Ɋ& !X& F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6b7ea44b-ce1a-4051-a9c3-46a4b4cc46a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@' ]Ɋ& !X' F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6b7ea44b-ce1a-4051-a9c3-46a4b4cc46a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8( ]Ɋ& !X( F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6b7ea44b-ce1a-4051-a9c3-46a4b4cc46a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8) ]Ɋ& !X) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6b7ea44b-ce1a-4051-a9c3-46a4b4cc46a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8* ]Ɋ& !X* F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6b7ea44b-ce1a-4051-a9c3-46a4b4cc46a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**+ ]Ɋ& !+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6b7ea44b-ce1a-4051-a9c3-46a4b4cc46a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=aae93c22-ed05-4424-848b-7b451b6eb5b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **,t ]Ɋ& !t, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6b7ea44b-ce1a-4051-a9c3-46a4b4cc46a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=aae93c22-ed05-4424-848b-7b451b6eb5b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**X- ]Ɋ& !X- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2a2a2cf7-04c7-42c8-beef-95b140838502 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p. ]Ɋ& !X. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2a2a2cf7-04c7-42c8-beef-95b140838502 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p/ ]Ɋ& !X/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2a2a2cf7-04c7-42c8-beef-95b140838502 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**h0 ]Ɋ& !X0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2a2a2cf7-04c7-42c8-beef-95b140838502 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**h1 ]Ɋ& !X1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2a2a2cf7-04c7-42c8-beef-95b140838502 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**h2 ]Ɋ& !X2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2a2a2cf7-04c7-42c8-beef-95b140838502 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**3 ]Ɋ&  !3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2a2a2cf7-04c7-42c8-beef-95b140838502 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=113fde8e-fa33-4ecc-a316-70bb649a3f43 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**47u ]Ɋ& !7u4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2a2a2cf7-04c7-42c8-beef-95b140838502 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=113fde8e-fa33-4ecc-a316-70bb649a3f43 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**57u ]Ɋ& '!X7u5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9274cbb4-89ca-4f2c-a919-27f85f8cbb92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **67u ]Ɋ& ?!X7u6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9274cbb4-89ca-4f2c-a919-27f85f8cbb92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**77u ]Ɋ& ;!X7u7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9274cbb4-89ca-4f2c-a919-27f85f8cbb92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**87u ]Ɋ& 3!X7u8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9274cbb4-89ca-4f2c-a919-27f85f8cbb92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **97u ]Ɋ& 3!X7u9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9274cbb4-89ca-4f2c-a919-27f85f8cbb92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**:7u ]Ɋ& 5!X7u: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9274cbb4-89ca-4f2c-a919-27f85f8cbb92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0;7u ]Ɋ& !7u; F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9274cbb4-89ca-4f2c-a919-27f85f8cbb92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a279cfe6-0bed-4966-9fe3-95a79f218827 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@<d  ]Ɋ& !d < F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9274cbb4-89ca-4f2c-a919-27f85f8cbb92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a279cfe6-0bed-4966-9fe3-95a79f218827 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-fa2@**= ]Ɋ& )!X= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4789c81f-951e-4d37-8a95-8135ce8ae231 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**> ]Ɋ& A!X> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4789c81f-951e-4d37-8a95-8135ce8ae231 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**? ]Ɋ& =!X? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4789c81f-951e-4d37-8a95-8135ce8ae231 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5e**@ ]Ɋ& 5!X@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4789c81f-951e-4d37-8a95-8135ce8ae231 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**A ]Ɋ& 5!XA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4789c81f-951e-4d37-8a95-8135ce8ae231 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**B ]Ɋ& 7!XB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4789c81f-951e-4d37-8a95-8135ce8ae231 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0C+ ]Ɋ& !+C F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4789c81f-951e-4d37-8a95-8135ce8ae231 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a77d7fb9-1086-4349-ab77-08b7cacd8920 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@DJ ]Ɋ& !JD F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4789c81f-951e-4d37-8a95-8135ce8ae231 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a77d7fb9-1086-4349-ab77-08b7cacd8920 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**XEJ ]Ɋ& !XJE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d3c92469-21f1-405f-83c2-1b31ce03566f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**pFJ ]Ɋ& !XJF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d3c92469-21f1-405f-83c2-1b31ce03566f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**hGJ ]Ɋ& !XJG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d3c92469-21f1-405f-83c2-1b31ce03566f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`HJ ]Ɋ& !XJH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d3c92469-21f1-405f-83c2-1b31ce03566f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`IJ ]Ɋ& !XJI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d3c92469-21f1-405f-83c2-1b31ce03566f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==` FH] ]Ɋ& XJJ F& ElfChnkJzJzRHׂMu=VysMc&&**hJJ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! I!XJJ F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d3c92469-21f1-405f-83c2-1b31ce03566f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**KJ ]Ɋ&  !JK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d3c92469-21f1-405f-83c2-1b31ce03566f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a28dc584-2b65-4727-8196-2cc1100d6804 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=G**LX ]Ɋ& !XL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d3c92469-21f1-405f-83c2-1b31ce03566f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a28dc584-2b65-4727-8196-2cc1100d6804 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8MX ]Ɋ& !XXM F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7d4fdec8-dd5c-46a9-bf04-41db6430b835 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PNX ]Ɋ& !XXN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7d4fdec8-dd5c-46a9-bf04-41db6430b835 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**POX ]Ɋ& !XXO F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7d4fdec8-dd5c-46a9-bf04-41db6430b835 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&P**HPX ]Ɋ& !XXP F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7d4fdec8-dd5c-46a9-bf04-41db6430b835 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**HQX ]Ɋ& !XXQ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7d4fdec8-dd5c-46a9-bf04-41db6430b835 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLinH**HRX ]Ɋ& !XXR F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7d4fdec8-dd5c-46a9-bf04-41db6430b835 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= H**SX ]Ɋ& !XS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7d4fdec8-dd5c-46a9-bf04-41db6430b835 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b2b71fed-3d41-4616-be8f-f73d8f0819cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=#**TX ]Ɋ& !XT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7d4fdec8-dd5c-46a9-bf04-41db6430b835 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b2b71fed-3d41-4616-be8f-f73d8f0819cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**XU{ ]Ɋ& !X{U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1e574-dc55-408e-a298-b62e330935fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TypeX**pV{ ]Ɋ& !X{V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1e574-dc55-408e-a298-b62e330935fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| sep**hW{ ]Ɋ& !X{W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1e574-dc55-408e-a298-b62e330935fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`X{ ]Ɋ& !X{X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1e574-dc55-408e-a298-b62e330935fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l `**`Y{ ]Ɋ& !X{Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1e574-dc55-408e-a298-b62e330935fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na`**`Z{ ]Ɋ& !X{Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1e574-dc55-408e-a298-b62e330935fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**[{ ]Ɋ& !{[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1e574-dc55-408e-a298-b62e330935fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7cebdeaa-8b5f-4f6d-9168-05639334dfaa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**\{ ]Ɋ& !{\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1e574-dc55-408e-a298-b62e330935fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7cebdeaa-8b5f-4f6d-9168-05639334dfaa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptN**(]{ ]Ɋ& !X{] F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3a918e5b-f6c2-41c4-bc35-eae1d04f78b1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p(**@^{ ]Ɋ& !X{^ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3a918e5b-f6c2-41c4-bc35-eae1d04f78b1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**@_{ ]Ɋ& !X{_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3a918e5b-f6c2-41c4-bc35-eae1d04f78b1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e($@**8`{ ]Ɋ& !X{` F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3a918e5b-f6c2-41c4-bc35-eae1d04f78b1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8a{ ]Ɋ& !X{a F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3a918e5b-f6c2-41c4-bc35-eae1d04f78b1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stI8**8b{ ]Ɋ& !X{b F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3a918e5b-f6c2-41c4-bc35-eae1d04f78b1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**c{ ]Ɋ& !{c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3a918e5b-f6c2-41c4-bc35-eae1d04f78b1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7738125a-aac1-4553-9d5f-4bcb6ab58e67 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=an**d ]Ɋ& !d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3a918e5b-f6c2-41c4-bc35-eae1d04f78b1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7738125a-aac1-4553-9d5f-4bcb6ab58e67 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**XeE ]Ɋ& !XEe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5d896246-7fb1-4bf7-8e45-f97c5250bfb6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**pfE ]Ɋ& !XEf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5d896246-7fb1-4bf7-8e45-f97c5250bfb6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pgE ]Ɋ& !XEg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5d896246-7fb1-4bf7-8e45-f97c5250bfb6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nfop**hhE ]Ɋ& !XEh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5d896246-7fb1-4bf7-8e45-f97c5250bfb6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insh**hiE ]Ɋ& !XEi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5d896246-7fb1-4bf7-8e45-f97c5250bfb6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIdh**hjE ]Ɋ& !XEj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5d896246-7fb1-4bf7-8e45-f97c5250bfb6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omh**kE ]Ɋ&  !Ek F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5d896246-7fb1-4bf7-8e45-f97c5250bfb6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=407bef99-904a-4516-be07-3cde7dac49e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**lI ]Ɋ& !Il F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5d896246-7fb1-4bf7-8e45-f97c5250bfb6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=407bef99-904a-4516-be07-3cde7dac49e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oleH**mI ]Ɋ& '!XIm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7e96c307-c2f0-4146-ac48-32885e88bdff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**nI ]Ɋ& ?!XIn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7e96c307-c2f0-4146-ac48-32885e88bdff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**oI ]Ɋ& ;!XIo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7e96c307-c2f0-4146-ac48-32885e88bdff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**pI ]Ɋ& 3!XIp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7e96c307-c2f0-4146-ac48-32885e88bdff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **qI ]Ɋ& 3!XIq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7e96c307-c2f0-4146-ac48-32885e88bdff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame**rI ]Ɋ& 5!XIr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7e96c307-c2f0-4146-ac48-32885e88bdff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rs**0sv ]Ɋ& !vs F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7e96c307-c2f0-4146-ac48-32885e88bdff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4653fec2-b103-4038-8c44-7a322f70c493 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er0**@tv ]Ɋ& !vt F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7e96c307-c2f0-4146-ac48-32885e88bdff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4653fec2-b103-4038-8c44-7a322f70c493 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d892@**u[_ ]Ɋ& )!X[_u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=92d6241f-41d1-4c7d-be75-d21018c26fb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=prod**v[_ ]Ɋ& A!X[_v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=92d6241f-41d1-4c7d-be75-d21018c26fb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se**w[_ ]Ɋ& =!X[_w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=92d6241f-41d1-4c7d-be75-d21018c26fb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=56**x[_ ]Ɋ& 5!X[_x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=92d6241f-41d1-4c7d-be75-d21018c26fb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**y[_ ]Ɋ& 5!X[_y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=92d6241f-41d1-4c7d-be75-d21018c26fb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**z[_ ]Ɋ& 7!X[_z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=92d6241f-41d1-4c7d-be75-d21018c26fb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk{{;\zMu=VysMc&&**8{[_ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ![_{ F&F%g>9{p(xlMD EventDatauoData !BinarydAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=92d6241f-41d1-4c7d-be75-d21018c26fb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=313654b4-8fa3-4feb-b8f4-7006e2e031ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP8**@| _ ]Ɋ& ! _| F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=92d6241f-41d1-4c7d-be75-d21018c26fb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=313654b4-8fa3-4feb-b8f4-7006e2e031ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI@**X}%!_ ]Ɋ& !X%!_} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fb12fa45-4ceb-4741-97bf-eefddb829826 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspX**p~%!_ ]Ɋ& !X%!_~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fb12fa45-4ceb-4741-97bf-eefddb829826 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**h%!_ ]Ɋ& !X%!_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fb12fa45-4ceb-4741-97bf-eefddb829826 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ih**`%!_ ]Ɋ& !X%!_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fb12fa45-4ceb-4741-97bf-eefddb829826 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l`**`%!_ ]Ɋ& !X%!_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fb12fa45-4ceb-4741-97bf-eefddb829826 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**h%!_ ]Ɋ& !X%!_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fb12fa45-4ceb-4741-97bf-eefddb829826 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Commh**%!_ ]Ɋ&  !%!_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fb12fa45-4ceb-4741-97bf-eefddb829826 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd1c3cd0-5b6e-4e80-9bdc-d750056b5182 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**%!_ ]Ɋ& !%!_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fb12fa45-4ceb-4741-97bf-eefddb829826 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd1c3cd0-5b6e-4e80-9bdc-d750056b5182 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8.!_ ]Ɋ& !X.!_ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8a410047-e12a-4e6f-b4fb-202767c308e6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me8**P.!_ ]Ɋ& !X.!_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8a410047-e12a-4e6f-b4fb-202767c308e6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amP**P.!_ ]Ɋ& !X.!_ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8a410047-e12a-4e6f-b4fb-202767c308e6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=andTP**H.!_ ]Ɋ& !X.!_ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8a410047-e12a-4e6f-b4fb-202767c308e6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaH**H.!_ ]Ɋ& !X.!_ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8a410047-e12a-4e6f-b4fb-202767c308e6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=elinH**H.!_ ]Ɋ& !X.!_ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8a410047-e12a-4e6f-b4fb-202767c308e6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIH**.!_ ]Ɋ& !.!_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8a410047-e12a-4e6f-b4fb-202767c308e6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f4469cc-3af6-496e-8ad6-7a97f1904b32 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndN**.!_ ]Ɋ& !.!_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8a410047-e12a-4e6f-b4fb-202767c308e6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f4469cc-3af6-496e-8ad6-7a97f1904b32 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XV"_ ]Ɋ& !XV"_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cfa1f66f-e90d-4a8f-9333-76fcbbda63e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==7ceX**pV"_ ]Ɋ& !XV"_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cfa1f66f-e90d-4a8f-9333-76fcbbda63e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**hV"_ ]Ɋ& !XV"_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cfa1f66f-e90d-4a8f-9333-76fcbbda63e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=seh**`V"_ ]Ɋ& !XV"_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cfa1f66f-e90d-4a8f-9333-76fcbbda63e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0`**`V"_ ]Ɋ& !XV"_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cfa1f66f-e90d-4a8f-9333-76fcbbda63e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov`**`V"_ ]Ɋ& !XV"_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cfa1f66f-e90d-4a8f-9333-76fcbbda63e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**V"_ ]Ɋ& !V"_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cfa1f66f-e90d-4a8f-9333-76fcbbda63e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ef85f49a-78c3-46c7-befc-d90cad000e12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**V"_ ]Ɋ& !V"_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cfa1f66f-e90d-4a8f-9333-76fcbbda63e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ef85f49a-78c3-46c7-befc-d90cad000e12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ine**(V"_ ]Ɋ& !XV"_ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d768b17f-57bd-40f2-b3ca-9c829e671ee2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@V"_ ]Ɋ& !XV"_ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d768b17f-57bd-40f2-b3ca-9c829e671ee2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o@**@V"_ ]Ɋ& !XV"_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d768b17f-57bd-40f2-b3ca-9c829e671ee2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=spl@**8V"_ ]Ɋ& !XV"_ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d768b17f-57bd-40f2-b3ca-9c829e671ee2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tur8**8V"_ ]Ɋ& !XV"_ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d768b17f-57bd-40f2-b3ca-9c829e671ee2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta8**8V"_ ]Ɋ& !XV"_ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d768b17f-57bd-40f2-b3ca-9c829e671ee2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**V"_ ]Ɋ& !V"_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d768b17f-57bd-40f2-b3ca-9c829e671ee2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f2a7f0d4-81d5-4fd1-85f3-a391236654ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru**["_ ]Ɋ& !["_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d768b17f-57bd-40f2-b3ca-9c829e671ee2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f2a7f0d4-81d5-4fd1-85f3-a391236654ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion.**XQ%_ ]Ɋ& !XQ%_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4d6947cd-3370-4060-91d8-4e5c8d117269 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aX**pQ%_ ]Ɋ& !XQ%_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4d6947cd-3370-4060-91d8-4e5c8d117269 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=zp**pQ%_ ]Ɋ& !XQ%_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4d6947cd-3370-4060-91d8-4e5c8d117269 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tiep**hQ%_ ]Ɋ& !XQ%_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4d6947cd-3370-4060-91d8-4e5c8d117269 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInh**hQ%_ ]Ɋ& !XQ%_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4d6947cd-3370-4060-91d8-4e5c8d117269 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sorh**hQ%_ ]Ɋ& !XQ%_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4d6947cd-3370-4060-91d8-4e5c8d117269 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**Q%_ ]Ɋ&  !Q%_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4d6947cd-3370-4060-91d8-4e5c8d117269 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4441b995-7282-4a2c-9298-7f9ff2d4d728 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**K%_ ]Ɋ& !K%_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4d6947cd-3370-4060-91d8-4e5c8d117269 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4441b995-7282-4a2c-9298-7f9ff2d4d728 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Var**&_ ]Ɋ& '!X&_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b682fbd3-ccc3-4f83-ad84-788aab55c3d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**&_ ]Ɋ& ?!X&_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b682fbd3-ccc3-4f83-ad84-788aab55c3d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**&_ ]Ɋ& ;!X&_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b682fbd3-ccc3-4f83-ad84-788aab55c3d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**&_ ]Ɋ& 3!X&_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b682fbd3-ccc3-4f83-ad84-788aab55c3d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wer**&_ ]Ɋ& 3!X&_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b682fbd3-ccc3-4f83-ad84-788aab55c3d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**&_ ]Ɋ& 5!X&_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b682fbd3-ccc3-4f83-ad84-788aab55c3d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-tFirewallPro ]Ɋ& 35&_ F&d= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**z[_ ]Ɋ& 7!X[_z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=92d6241f-41d1-4c7d-be75-d21018c26fb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkHB~q%ܴMu=VysMc&&**8 &_ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !&_ F&F%g>9{p(xlMD EventDatauoData !BinarybAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b682fbd3-ccc3-4f83-ad84-788aab55c3d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=88a0bd75-2549-48f4-bcf1-5b17b4341d7a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f-48 **@x'_ ]Ɋ& !x'_ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b682fbd3-ccc3-4f83-ad84-788aab55c3d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=88a0bd75-2549-48f4-bcf1-5b17b4341d7a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Scri@**)h ]Ɋ& )!X)h F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f918d7ee-d0fc-484a-b805-f95cae8cbe62 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**)h ]Ɋ& A!X)h F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f918d7ee-d0fc-484a-b805-f95cae8cbe62 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uct **)h ]Ɋ& =!X)h F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f918d7ee-d0fc-484a-b805-f95cae8cbe62 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **)h ]Ɋ& 5!X)h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f918d7ee-d0fc-484a-b805-f95cae8cbe62 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=41**)h ]Ɋ& 5!X)h F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f918d7ee-d0fc-484a-b805-f95cae8cbe62 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**)h ]Ɋ& 7!X)h F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f918d7ee-d0fc-484a-b805-f95cae8cbe62 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0)h ]Ɋ& !)h F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f918d7ee-d0fc-484a-b805-f95cae8cbe62 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=784bad4e-1bdc-4277-a0ae-b968129606cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@V)j ]Ɋ& !V)j F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f918d7ee-d0fc-484a-b805-f95cae8cbe62 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=784bad4e-1bdc-4277-a0ae-b968129606cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Lin@**XV)j ]Ɋ& !XV)j F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f327f24e-b4b8-43d5-a5ae-960209d236ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pV)j ]Ɋ& !XV)j F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f327f24e-b4b8-43d5-a5ae-960209d236ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hV)j ]Ɋ& !XV)j F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f327f24e-b4b8-43d5-a5ae-960209d236ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`V)j ]Ɋ& !XV)j F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f327f24e-b4b8-43d5-a5ae-960209d236ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`V)j ]Ɋ& !XV)j F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f327f24e-b4b8-43d5-a5ae-960209d236ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hV)j ]Ɋ& !XV)j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f327f24e-b4b8-43d5-a5ae-960209d236ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!_h**V)j ]Ɋ&  !V)j F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f327f24e-b4b8-43d5-a5ae-960209d236ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bfd4aa86-a1b6-44b3-8788-7177c45780a2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**j ]Ɋ& !j F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f327f24e-b4b8-43d5-a5ae-960209d236ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bfd4aa86-a1b6-44b3-8788-7177c45780a2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ar**8j ]Ɋ& !Xj F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=57a9175d-b271-41ba-88f2-13a82d64e8a2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pj ]Ɋ& !Xj F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=57a9175d-b271-41ba-88f2-13a82d64e8a2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Pj ]Ɋ& !Xj F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=57a9175d-b271-41ba-88f2-13a82d64e8a2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!P**Hj ]Ɋ& !Xj F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=57a9175d-b271-41ba-88f2-13a82d64e8a2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hj ]Ɋ& !Xj F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=57a9175d-b271-41ba-88f2-13a82d64e8a2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hj ]Ɋ& !Xj F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=57a9175d-b271-41ba-88f2-13a82d64e8a2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**j ]Ɋ& !j F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=57a9175d-b271-41ba-88f2-13a82d64e8a2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4799bd7f-1480-4977-992b-24356268a635 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**j ]Ɋ& !j F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=57a9175d-b271-41ba-88f2-13a82d64e8a2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4799bd7f-1480-4977-992b-24356268a635 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**Xj ]Ɋ& !Xj F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e30588e0-4648-41ab-8c9c-efb3dc715938 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**pj ]Ɋ& !Xj F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e30588e0-4648-41ab-8c9c-efb3dc715938 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureIp**hj ]Ɋ& !Xj F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e30588e0-4648-41ab-8c9c-efb3dc715938 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`j ]Ɋ& !Xj F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e30588e0-4648-41ab-8c9c-efb3dc715938 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b1`**`j ]Ɋ& !Xj F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e30588e0-4648-41ab-8c9c-efb3dc715938 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr`**`j ]Ɋ& !Xj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e30588e0-4648-41ab-8c9c-efb3dc715938 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**j ]Ɋ& !j F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e30588e0-4648-41ab-8c9c-efb3dc715938 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3cb05290-6bd4-4038-96f8-193f33c24a1b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**Zk ]Ɋ& !Zk F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e30588e0-4648-41ab-8c9c-efb3dc715938 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3cb05290-6bd4-4038-96f8-193f33c24a1b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= R**(Zk ]Ɋ& !XZk F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5f027af5-739a-4ecd-82bc-5c509182f7c5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l(**@Zk ]Ɋ& !XZk F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5f027af5-739a-4ecd-82bc-5c509182f7c5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p@**@Zk ]Ɋ& !XZk F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5f027af5-739a-4ecd-82bc-5c509182f7c5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=KLM@**8Zk ]Ɋ& !XZk F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5f027af5-739a-4ecd-82bc-5c509182f7c5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc8**8Zk ]Ɋ& !XZk F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5f027af5-739a-4ecd-82bc-5c509182f7c5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8Zk ]Ɋ& !XZk F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5f027af5-739a-4ecd-82bc-5c509182f7c5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=558**Zk ]Ɋ& !Zk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5f027af5-739a-4ecd-82bc-5c509182f7c5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9d927250-1c28-44c9-b5a0-48bbf3d15827 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']**k ]Ɋ& !k F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5f027af5-739a-4ecd-82bc-5c509182f7c5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9d927250-1c28-44c9-b5a0-48bbf3d15827 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNam**XF$m ]Ɋ& !XF$m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=106a90fa-3552-4954-b566-4b07c19365b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=DX**pF$m ]Ɋ& !XF$m F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=106a90fa-3552-4954-b566-4b07c19365b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pF$m ]Ɋ& !XF$m F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=106a90fa-3552-4954-b566-4b07c19365b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n,Hp**hF$m ]Ɋ& !XF$m F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=106a90fa-3552-4954-b566-4b07c19365b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_.ph**hF$m ]Ɋ& !XF$m F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=106a90fa-3552-4954-b566-4b07c19365b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culh**hF$m ]Ɋ& !XF$m F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=106a90fa-3552-4954-b566-4b07c19365b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sh**F$m ]Ɋ&  !F$m F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=106a90fa-3552-4954-b566-4b07c19365b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e69d844-c944-4048-8f21-11b9e4b12861 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**ݼm ]Ɋ& !ݼm F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=106a90fa-3552-4954-b566-4b07c19365b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e69d844-c944-4048-8f21-11b9e4b12861 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=35&_ ]Ɋ&  CXݼm F&ommandPath= CommandLine=wP**z[_ ]Ɋ& 7!X[_z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=92d6241f-41d1-4c7d-be75-d21018c26fb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk(gMu=VysMc&&** ݼm ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xݼm F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=72008b1a-cecd-433a-949c-5696dd022ffe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **ݼm ]Ɋ& ?!Xݼm F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=72008b1a-cecd-433a-949c-5696dd022ffe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**ݼm ]Ɋ& ;!Xݼm F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=72008b1a-cecd-433a-949c-5696dd022ffe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **ݼm ]Ɋ& 3!Xݼm F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=72008b1a-cecd-433a-949c-5696dd022ffe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**ݼm ]Ɋ& 3!Xݼm F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=72008b1a-cecd-433a-949c-5696dd022ffe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**ݼm ]Ɋ& 5!Xݼm F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=72008b1a-cecd-433a-949c-5696dd022ffe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**0ݼm ]Ɋ& !ݼm F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=72008b1a-cecd-433a-949c-5696dd022ffe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=701add35-63fd-47c8-97e0-dc3b5c4a9d5c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==10**@ n ]Ɋ& ! n F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=72008b1a-cecd-433a-949c-5696dd022ffe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=701add35-63fd-47c8-97e0-dc3b5c4a9d5c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= @** & ]Ɋ& )!X & F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3f51a9ba-7dd5-4949-95c0-e038bb1ca0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc** & ]Ɋ& A!X & F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3f51a9ba-7dd5-4949-95c0-e038bb1ca0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsta** & ]Ɋ& =!X & F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3f51a9ba-7dd5-4949-95c0-e038bb1ca0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d5** & ]Ɋ& 5!X & F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3f51a9ba-7dd5-4949-95c0-e038bb1ca0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho** & ]Ɋ& 5!X & F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3f51a9ba-7dd5-4949-95c0-e038bb1ca0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me** & ]Ɋ& 7!X & F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3f51a9ba-7dd5-4949-95c0-e038bb1ca0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0S & ]Ɋ& !S & F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3f51a9ba-7dd5-4949-95c0-e038bb1ca0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cf559708-addb-4cd4-89ab-6a82e7da7195 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0**@2 & ]Ɋ& !2 & F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3f51a9ba-7dd5-4949-95c0-e038bb1ca0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cf559708-addb-4cd4-89ab-6a82e7da7195 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**X2 & ]Ɋ& !X2 & F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6104f136-3a0f-4964-b4ba-d86f638a4d00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p2 & ]Ɋ& !X2 & F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6104f136-3a0f-4964-b4ba-d86f638a4d00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h2 & ]Ɋ& !X2 & F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6104f136-3a0f-4964-b4ba-d86f638a4d00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`2 & ]Ɋ& !X2 & F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6104f136-3a0f-4964-b4ba-d86f638a4d00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**`2 & ]Ɋ& !X2 & F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6104f136-3a0f-4964-b4ba-d86f638a4d00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h2 & ]Ɋ& !X2 & F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6104f136-3a0f-4964-b4ba-d86f638a4d00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=jh** & ]Ɋ&  ! & F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6104f136-3a0f-4964-b4ba-d86f638a4d00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7ca89650-cefd-4609-8496-c9fcd043d76a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** & ]Ɋ& ! & F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6104f136-3a0f-4964-b4ba-d86f638a4d00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7ca89650-cefd-4609-8496-c9fcd043d76a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8 & ]Ɋ& !X & F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=81dab1a8-43cc-4745-8b6c-43356643ebbf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P & ]Ɋ& !X & F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=81dab1a8-43cc-4745-8b6c-43356643ebbf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=jP**P & ]Ɋ& !X & F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=81dab1a8-43cc-4745-8b6c-43356643ebbf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stP**H & ]Ɋ& !X & F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=81dab1a8-43cc-4745-8b6c-43356643ebbf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**H & ]Ɋ& !X & F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=81dab1a8-43cc-4745-8b6c-43356643ebbf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**H & ]Ɋ& !X & F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=81dab1a8-43cc-4745-8b6c-43356643ebbf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ameH** & ]Ɋ& ! & F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=81dab1a8-43cc-4745-8b6c-43356643ebbf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=749ad1e8-d1b5-4851-aec5-b8c0e948ecda PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= ** & ]Ɋ& ! & F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=81dab1a8-43cc-4745-8b6c-43356643ebbf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=749ad1e8-d1b5-4851-aec5-b8c0e948ecda PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Xd & ]Ɋ& !Xd & F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c7bc8ead-1e3f-450d-971f-860cdca63d43 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortX**pd & ]Ɋ& !Xd & F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c7bc8ead-1e3f-450d-971f-860cdca63d43 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=se.pp**hd & ]Ɋ& !Xd & F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c7bc8ead-1e3f-450d-971f-860cdca63d43 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cah**`d & ]Ɋ& !Xd & F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c7bc8ead-1e3f-450d-971f-860cdca63d43 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`d & ]Ɋ& !Xd & F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c7bc8ead-1e3f-450d-971f-860cdca63d43 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`d & ]Ɋ& !Xd & F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c7bc8ead-1e3f-450d-971f-860cdca63d43 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**d & ]Ɋ& !d & F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c7bc8ead-1e3f-450d-971f-860cdca63d43 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f0e89817-6852-404f-b374-fb709292618d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R**d & ]Ɋ& !d & F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c7bc8ead-1e3f-450d-971f-860cdca63d43 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f0e89817-6852-404f-b374-fb709292618d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obj**( & ]Ɋ& !X & F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fb501ee2-a795-4320-8d34-d040c5ea81ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@ & ]Ɋ& !X & F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fb501ee2-a795-4320-8d34-d040c5ea81ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@ & ]Ɋ& !X & F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fb501ee2-a795-4320-8d34-d040c5ea81ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b07@**8 & ]Ɋ& !X & F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fb501ee2-a795-4320-8d34-d040c5ea81ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8 & ]Ɋ& !X &  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fb501ee2-a795-4320-8d34-d040c5ea81ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tNa8**8 & ]Ɋ& !X &  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fb501ee2-a795-4320-8d34-d040c5ea81ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge8** & ]Ɋ& ! &  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fb501ee2-a795-4320-8d34-d040c5ea81ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8200226e-a336-4524-b590-c8ab8abcb76c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=al** C & ]Ɋ& !C &  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fb501ee2-a795-4320-8d34-d040c5ea81ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8200226e-a336-4524-b590-c8ab8abcb76c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=432N**X & ]Ɋ& !X&  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=74476a9e-15eb-4855-8956-cd982397f18c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EX**p& ]Ɋ& !X& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=74476a9e-15eb-4855-8956-cd982397f18c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**p& ]Ɋ& !X& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=74476a9e-15eb-4855-8956-cd982397f18c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=pnsoleHost  ]Ɋ& 5-X& F&n=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkBBy40Mu=VysMc&&**h & ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!X& F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=74476a9e-15eb-4855-8956-cd982397f18c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **h& ]Ɋ& !X& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=74476a9e-15eb-4855-8956-cd982397f18c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**h& ]Ɋ& !X& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=74476a9e-15eb-4855-8956-cd982397f18c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Ch**& ]Ɋ&  !& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=74476a9e-15eb-4855-8956-cd982397f18c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cb085428-ba3c-451c-83d7-c664db5f1c2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**& ]Ɋ& !& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=74476a9e-15eb-4855-8956-cd982397f18c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cb085428-ba3c-451c-83d7-c664db5f1c2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Inst**4& ]Ɋ& '!X4& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4e52ec5c-5473-4b26-8291-27c6ec948543 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=,**4& ]Ɋ& ?!X4& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4e52ec5c-5473-4b26-8291-27c6ec948543 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**4& ]Ɋ& ;!X4& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4e52ec5c-5473-4b26-8291-27c6ec948543 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nab**4& ]Ɋ& 3!X4& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4e52ec5c-5473-4b26-8291-27c6ec948543 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4& ]Ɋ& 3!X4& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4e52ec5c-5473-4b26-8291-27c6ec948543 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ble**4& ]Ɋ& 5!X4& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4e52ec5c-5473-4b26-8291-27c6ec948543 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ab**04& ]Ɋ& !4& F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4e52ec5c-5473-4b26-8291-27c6ec948543 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e97f9f31-8b69-484a-ab60-cfb1c6b7b047 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns0**@(& ]Ɋ& !(& F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4e52ec5c-5473-4b26-8291-27c6ec948543 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e97f9f31-8b69-484a-ab60-cfb1c6b7b047 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vide@**GSr ]Ɋ& )!XGSr F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ec2f2cd9-1c77-42c4-8864-ddc38cdfd098 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**GSr ]Ɋ& A!XGSr F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ec2f2cd9-1c77-42c4-8864-ddc38cdfd098 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**GSr ]Ɋ& =!XGSr F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ec2f2cd9-1c77-42c4-8864-ddc38cdfd098 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm** GSr ]Ɋ& 5!XGSr  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ec2f2cd9-1c77-42c4-8864-ddc38cdfd098 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g **!GSr ]Ɋ& 5!XGSr! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ec2f2cd9-1c77-42c4-8864-ddc38cdfd098 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na**"GSr ]Ɋ& 7!XGSr" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ec2f2cd9-1c77-42c4-8864-ddc38cdfd098 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0#r ]Ɋ& !r# F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ec2f2cd9-1c77-42c4-8864-ddc38cdfd098 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=85da2ece-5a92-4778-be50-5021d913ae97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f0**@$tr ]Ɋ& !tr$ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ec2f2cd9-1c77-42c4-8864-ddc38cdfd098 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=85da2ece-5a92-4778-be50-5021d913ae97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C@**X% r ]Ɋ& !X r% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=eba8988a-5bd2-41e2-8346-3eb2ad3a02fb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artX**p& r ]Ɋ& !X r& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=eba8988a-5bd2-41e2-8346-3eb2ad3a02fb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceNp**h' r ]Ɋ& !X r' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=eba8988a-5bd2-41e2-8346-3eb2ad3a02fb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`( r ]Ɋ& !X r( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=eba8988a-5bd2-41e2-8346-3eb2ad3a02fb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**`) r ]Ɋ& !X r) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=eba8988a-5bd2-41e2-8346-3eb2ad3a02fb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s`**h* r ]Ɋ& !X r* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=eba8988a-5bd2-41e2-8346-3eb2ad3a02fb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 h**+ r ]Ɋ&  ! r+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=eba8988a-5bd2-41e2-8346-3eb2ad3a02fb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=20722ce5-4b89-45a1-9e89-e3a78fc922b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ppli**, r ]Ɋ& ! r, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=eba8988a-5bd2-41e2-8346-3eb2ad3a02fb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=20722ce5-4b89-45a1-9e89-e3a78fc922b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**8- r ]Ɋ& !X r- F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8e032076-07e0-45dc-a8a7-0e73f7add3c1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f-8**P. r ]Ɋ& !X r. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8e032076-07e0-45dc-a8a7-0e73f7add3c1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=adP**P/ r ]Ɋ& !X r/ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8e032076-07e0-45dc-a8a7-0e73f7add3c1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HP**H0 r ]Ɋ& !X r0 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8e032076-07e0-45dc-a8a7-0e73f7add3c1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tVerH**H1 r ]Ɋ& !X r1 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8e032076-07e0-45dc-a8a7-0e73f7add3c1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leHoH**H2 r ]Ɋ& !X r2 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8e032076-07e0-45dc-a8a7-0e73f7add3c1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stNH**3r ]Ɋ& !r3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8e032076-07e0-45dc-a8a7-0e73f7add3c1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=defe939f-06fb-4d8d-9dfe-dfae3f712200 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsi**4r ]Ɋ& !r4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8e032076-07e0-45dc-a8a7-0e73f7add3c1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=defe939f-06fb-4d8d-9dfe-dfae3f712200 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**X5r ]Ɋ& !Xr5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7417f65b-fd6b-4bab-b0e2-5fe014918cab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SX**p6r ]Ɋ& !Xr6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7417f65b-fd6b-4bab-b0e2-5fe014918cab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h7r ]Ɋ& !Xr7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7417f65b-fd6b-4bab-b0e2-5fe014918cab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**`8r ]Ɋ& !Xr8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7417f65b-fd6b-4bab-b0e2-5fe014918cab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`9r ]Ɋ& !Xr9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7417f65b-fd6b-4bab-b0e2-5fe014918cab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll`**`:r ]Ɋ& !Xr: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7417f65b-fd6b-4bab-b0e2-5fe014918cab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**;r ]Ɋ& !r; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7417f65b-fd6b-4bab-b0e2-5fe014918cab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4b1caa6-3ad3-43e1-a0f3-2a12bbd8edcd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**<7Nr ]Ɋ& !7Nr< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7417f65b-fd6b-4bab-b0e2-5fe014918cab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4b1caa6-3ad3-43e1-a0f3-2a12bbd8edcd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uen**(=7Nr ]Ɋ& !X7Nr= F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6a66be4d-271f-4b37-a935-cc1a6fff84d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t(**@>7Nr ]Ɋ& !X7Nr> F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6a66be4d-271f-4b37-a935-cc1a6fff84d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@?7Nr ]Ɋ& !X7Nr? F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6a66be4d-271f-4b37-a935-cc1a6fff84d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**8@7Nr ]Ɋ& !X7Nr@ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6a66be4d-271f-4b37-a935-cc1a6fff84d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liz8**8A7Nr ]Ɋ& !X7NrA F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6a66be4d-271f-4b37-a935-cc1a6fff84d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin8**8B7Nr ]Ɋ& !X7NrB F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6a66be4d-271f-4b37-a935-cc1a6fff84d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8F& ElfChnkCtCt@s/BMu=VysMc&&** C7Nr ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! m!7NrC F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6a66be4d-271f-4b37-a935-cc1a6fff84d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1cfdf800-d65f-448b-82e6-95b6aed44296 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sio **Dr ]Ɋ& !rD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6a66be4d-271f-4b37-a935-cc1a6fff84d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1cfdf800-d65f-448b-82e6-95b6aed44296 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izat**XE(Ir ]Ɋ& !X(IrE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=72d88fe5-bcb2-4973-b0b9-fb48b5256967 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**pF(Ir ]Ɋ& !X(IrF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=72d88fe5-bcb2-4973-b0b9-fb48b5256967 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bp**pG(Ir ]Ɋ& !X(IrG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=72d88fe5-bcb2-4973-b0b9-fb48b5256967 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=opep**hH(Ir ]Ɋ& !X(IrH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=72d88fe5-bcb2-4973-b0b9-fb48b5256967 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ltuh**hI(Ir ]Ɋ& !X(IrI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=72d88fe5-bcb2-4973-b0b9-fb48b5256967 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**hJ(Ir ]Ɋ& !X(IrJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=72d88fe5-bcb2-4973-b0b9-fb48b5256967 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Idh**K(Ir ]Ɋ&  !(IrK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=72d88fe5-bcb2-4973-b0b9-fb48b5256967 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0da3177d-eb93-4b40-82fd-8a30624ef594 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4**Lr ]Ɋ& !rL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=72d88fe5-bcb2-4973-b0b9-fb48b5256967 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0da3177d-eb93-4b40-82fd-8a30624ef594 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**MUzr ]Ɋ& '!XUzrM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ca72e558-42c6-4db2-8396-067995ff203b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**NUzr ]Ɋ& ?!XUzrN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ca72e558-42c6-4db2-8396-067995ff203b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**OUzr ]Ɋ& ;!XUzrO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ca72e558-42c6-4db2-8396-067995ff203b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**PUzr ]Ɋ& 3!XUzrP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ca72e558-42c6-4db2-8396-067995ff203b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**QUzr ]Ɋ& 3!XUzrQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ca72e558-42c6-4db2-8396-067995ff203b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**RUzr ]Ɋ& 5!XUzrR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ca72e558-42c6-4db2-8396-067995ff203b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0SUzr ]Ɋ& !UzrS F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ca72e558-42c6-4db2-8396-067995ff203b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=836c5ea2-fe0d-48ce-a8f7-3b40274ec375 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la0**@Tr ]Ɋ& !rT F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ca72e558-42c6-4db2-8396-067995ff203b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=836c5ea2-fe0d-48ce-a8f7-3b40274ec375 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng -@**Uԗ ]Ɋ& )!XԗU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=50bf2e34-3a6d-4859-9ac1-a5c604cf8a95 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**Vԗ ]Ɋ& A!XԗV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=50bf2e34-3a6d-4859-9ac1-a5c604cf8a95 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e2-8**Wԗ ]Ɋ& =!XԗW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=50bf2e34-3a6d-4859-9ac1-a5c604cf8a95 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**Xԗ ]Ɋ& 5!XԗX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=50bf2e34-3a6d-4859-9ac1-a5c604cf8a95 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**Yԗ ]Ɋ& 5!XԗY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=50bf2e34-3a6d-4859-9ac1-a5c604cf8a95 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Zԗ ]Ɋ& 7!XԗZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=50bf2e34-3a6d-4859-9ac1-a5c604cf8a95 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**0[~jԗ ]Ɋ& !~jԗ[ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=50bf2e34-3a6d-4859-9ac1-a5c604cf8a95 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=364fe978-b9ef-4d17-8340-dc581ddc60f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@\ԗ ]Ɋ& !ԗ\ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=50bf2e34-3a6d-4859-9ac1-a5c604cf8a95 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=364fe978-b9ef-4d17-8340-dc581ddc60f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pel@**X]ԗ ]Ɋ& !Xԗ] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cfb36169-1fbf-4712-a10a-616db3102264 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RX**p^ԗ ]Ɋ& !Xԗ^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cfb36169-1fbf-4712-a10a-616db3102264 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersp**h_ԗ ]Ɋ& !Xԗ_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cfb36169-1fbf-4712-a10a-616db3102264 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ph**``ԗ ]Ɋ& !Xԗ` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cfb36169-1fbf-4712-a10a-616db3102264 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**`aԗ ]Ɋ& !Xԗa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cfb36169-1fbf-4712-a10a-616db3102264 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hbԗ ]Ɋ& !Xԗb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cfb36169-1fbf-4712-a10a-616db3102264 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**cԗ ]Ɋ&  !ԗc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cfb36169-1fbf-4712-a10a-616db3102264 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fc8df50f-a7fa-42cd-8fc8-90a8aff1b5cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**dԗ ]Ɋ& !ԗd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cfb36169-1fbf-4712-a10a-616db3102264 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fc8df50f-a7fa-42cd-8fc8-90a8aff1b5cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8eԗ ]Ɋ& !Xԗe F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=54895602-09de-4da2-a217-5e41d0b17830 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt8**Pfԗ ]Ɋ& !Xԗf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=54895602-09de-4da2-a217-5e41d0b17830 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipP**Pgԗ ]Ɋ& !Xԗg F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=54895602-09de-4da2-a217-5e41d0b17830 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CommP**Hhԗ ]Ɋ& !Xԗh F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=54895602-09de-4da2-a217-5e41d0b17830 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**Hiԗ ]Ɋ& !Xԗi F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=54895602-09de-4da2-a217-5e41d0b17830 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PipH**Hjԗ ]Ɋ& !Xԗj F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=54895602-09de-4da2-a217-5e41d0b17830 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspH**kA4ԗ ]Ɋ& !A4ԗk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=54895602-09de-4da2-a217-5e41d0b17830 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=978522ae-cbf2-49c7-97a0-d81383ed4859 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**lA4ԗ ]Ɋ& !A4ԗl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=54895602-09de-4da2-a217-5e41d0b17830 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=978522ae-cbf2-49c7-97a0-d81383ed4859 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**XmA4ԗ ]Ɋ& !XA4ԗm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c67febe3-e1d3-4c1b-9ce9-3d5e451d0ca3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIdX**pnA4ԗ ]Ɋ& !XA4ԗn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c67febe3-e1d3-4c1b-9ce9-3d5e451d0ca3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obalp**hoA4ԗ ]Ɋ& !XA4ԗo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c67febe3-e1d3-4c1b-9ce9-3d5e451d0ca3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=x h**`pA4ԗ ]Ɋ& !XA4ԗp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c67febe3-e1d3-4c1b-9ce9-3d5e451d0ca3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`qA4ԗ ]Ɋ& !XA4ԗq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c67febe3-e1d3-4c1b-9ce9-3d5e451d0ca3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`rA4ԗ ]Ɋ& !XA4ԗr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c67febe3-e1d3-4c1b-9ce9-3d5e451d0ca3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**sA4ԗ ]Ɋ& !A4ԗs F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c67febe3-e1d3-4c1b-9ce9-3d5e451d0ca3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ca76f9d2-7bfe-48df-a663-d42999b35c61 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**tA4ԗ ]Ɋ& !A4ԗt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c67febe3-e1d3-4c1b-9ce9-3d5e451d0ca3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ca76f9d2-7bfe-48df-a663-d42999b35c61 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= EnneVersion=  ]Ɋ& maXԗu F&ndPath= CommandLine=8F& ElfChnkuuy"Mu=VysMc&&**0 uԗ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xԗu F&F%g>9{p(xlMD EventDatauoData !Binary\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b26bf446-f5af-49ce-a2ca-8fa4128df5b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0 **@vԗ ]Ɋ& !Xԗv F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b26bf446-f5af-49ce-a2ca-8fa4128df5b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P@**@wԗ ]Ɋ& !Xԗw F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b26bf446-f5af-49ce-a2ca-8fa4128df5b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lue@**8xԗ ]Ɋ& !Xԗx F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b26bf446-f5af-49ce-a2ca-8fa4128df5b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndo8**8yԗ ]Ɋ& !Xԗy F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b26bf446-f5af-49ce-a2ca-8fa4128df5b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7 8**8zԗ ]Ɋ& !Xԗz F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b26bf446-f5af-49ce-a2ca-8fa4128df5b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er8**{ԗ ]Ɋ& !ԗ{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b26bf446-f5af-49ce-a2ca-8fa4128df5b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=994a7cd5-57f2-4fc1-bbc7-d4a9caf4f224 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(I**|neԗ ]Ɋ& !neԗ| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b26bf446-f5af-49ce-a2ca-8fa4128df5b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=994a7cd5-57f2-4fc1-bbc7-d4a9caf4f224 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **X}ԗ ]Ɋ& !Xԗ} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cbfdf4fe-2912-423c-993f-b974db1fb129 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pX**p~ԗ ]Ɋ& !Xԗ~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cbfdf4fe-2912-423c-993f-b974db1fb129 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**pԗ ]Ɋ& !Xԗ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cbfdf4fe-2912-423c-993f-b974db1fb129 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rinp**hԗ ]Ɋ& !Xԗ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cbfdf4fe-2912-423c-993f-b974db1fb129 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hԗ ]Ɋ& !Xԗ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cbfdf4fe-2912-423c-993f-b974db1fb129 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipth**hԗ ]Ɋ& !Xԗ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cbfdf4fe-2912-423c-993f-b974db1fb129 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**ԗ ]Ɋ&  !ԗ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cbfdf4fe-2912-423c-993f-b974db1fb129 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bc8a8683-e006-4e4e-a281-ce06ed7d6163 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eg**_`ԗ ]Ɋ& !_`ԗ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cbfdf4fe-2912-423c-993f-b974db1fb129 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bc8a8683-e006-4e4e-a281-ce06ed7d6163 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=558-**ԗ ]Ɋ& '!Xԗ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=30ff434f-5f80-4eca-a145-05ca24f10f6d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**ԗ ]Ɋ& ?!Xԗ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=30ff434f-5f80-4eca-a145-05ca24f10f6d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**ԗ ]Ɋ& ;!Xԗ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=30ff434f-5f80-4eca-a145-05ca24f10f6d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **ԗ ]Ɋ& 3!Xԗ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=30ff434f-5f80-4eca-a145-05ca24f10f6d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**ԗ ]Ɋ& 3!Xԗ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=30ff434f-5f80-4eca-a145-05ca24f10f6d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **ԗ ]Ɋ& 5!Xԗ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=30ff434f-5f80-4eca-a145-05ca24f10f6d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0ԗ ]Ɋ& !ԗ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=30ff434f-5f80-4eca-a145-05ca24f10f6d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c5b61d2d-ae8d-444b-858e-a8041f287531 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si0**@ԗ ]Ɋ& !ԗ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=30ff434f-5f80-4eca-a145-05ca24f10f6d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c5b61d2d-ae8d-444b-858e-a8041f287531 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**Բ8 ]Ɋ& )!XԲ8 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d092f789-16c3-4a87-acfc-0f53bf10b137 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**Բ8 ]Ɋ& A!XԲ8 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d092f789-16c3-4a87-acfc-0f53bf10b137 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**Բ8 ]Ɋ& =!XԲ8 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d092f789-16c3-4a87-acfc-0f53bf10b137 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mI**Բ8 ]Ɋ& 5!XԲ8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d092f789-16c3-4a87-acfc-0f53bf10b137 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-1**Բ8 ]Ɋ& 5!XԲ8 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d092f789-16c3-4a87-acfc-0f53bf10b137 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**Բ8 ]Ɋ& 7!XԲ8 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d092f789-16c3-4a87-acfc-0f53bf10b137 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**0m8 ]Ɋ& !m8 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d092f789-16c3-4a87-acfc-0f53bf10b137 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2192275f-de37-4079-ad3e-71ce0922a0ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@*8 ]Ɋ& !*8 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d092f789-16c3-4a87-acfc-0f53bf10b137 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2192275f-de37-4079-ad3e-71ce0922a0ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XW78 ]Ɋ& !XW78 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=36794874-a571-47cd-ab59-8fa3b267d871 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= X**pW78 ]Ɋ& !XW78 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=36794874-a571-47cd-ab59-8fa3b267d871 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fp**hW78 ]Ɋ& !XW78 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=36794874-a571-47cd-ab59-8fa3b267d871 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`W78 ]Ɋ& !XW78 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=36794874-a571-47cd-ab59-8fa3b267d871 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`W78 ]Ɋ& !XW78 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=36794874-a571-47cd-ab59-8fa3b267d871 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hW78 ]Ɋ& !XW78 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=36794874-a571-47cd-ab59-8fa3b267d871 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**W78 ]Ɋ&  !W78 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=36794874-a571-47cd-ab59-8fa3b267d871 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fac4790-47fa-48b6-a301-4e1bc2ae7c1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=None**W78 ]Ɋ& !W78 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=36794874-a571-47cd-ab59-8fa3b267d871 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fac4790-47fa-48b6-a301-4e1bc2ae7c1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**8ϵ8 ]Ɋ& !Xϵ8 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c8bd3dec-b364-4a07-859e-e85252bb8103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m8**Pϵ8 ]Ɋ& !Xϵ8 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c8bd3dec-b364-4a07-859e-e85252bb8103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Pϵ8 ]Ɋ& !Xϵ8 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c8bd3dec-b364-4a07-859e-e85252bb8103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hϵ8 ]Ɋ& !Xϵ8 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c8bd3dec-b364-4a07-859e-e85252bb8103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hϵ8 ]Ɋ& !Xϵ8 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c8bd3dec-b364-4a07-859e-e85252bb8103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hϵ8 ]Ɋ& !Xϵ8 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c8bd3dec-b364-4a07-859e-e85252bb8103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**ϵ8 ]Ɋ& !ϵ8 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c8bd3dec-b364-4a07-859e-e85252bb8103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8dfc1616-17cc-4814-ab9f-ecfe5be46038 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ϵ8 ]Ɋ& !ϵ8 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c8bd3dec-b364-4a07-859e-e85252bb8103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8dfc1616-17cc-4814-ab9f-ecfe5be46038 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xh8 ]Ɋ& !Xh8 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c4837e7f-d7f7-4de8-a9c2-f7c454b1969a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mandXne= En ]Ɋ& Xh8 F& F&ndPath= CommandLine=8F& ElfChnk@҈ |HMu=VysMc&&**ph8 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! Q!Xh8 F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c4837e7f-d7f7-4de8-a9c2-f7c454b1969a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ip**hh8 ]Ɋ& !Xh8 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c4837e7f-d7f7-4de8-a9c2-f7c454b1969a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o]h**`h8 ]Ɋ& !Xh8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c4837e7f-d7f7-4de8-a9c2-f7c454b1969a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st`**`h8 ]Ɋ& !Xh8 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c4837e7f-d7f7-4de8-a9c2-f7c454b1969a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f4`**`h8 ]Ɋ& !Xh8 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c4837e7f-d7f7-4de8-a9c2-f7c454b1969a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**h8 ]Ɋ& !h8 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c4837e7f-d7f7-4de8-a9c2-f7c454b1969a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dad36920-ca39-41cf-bb59-0a59511ebb30 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**h8 ]Ɋ& !h8 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c4837e7f-d7f7-4de8-a9c2-f7c454b1969a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dad36920-ca39-41cf-bb59-0a59511ebb30 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine={**(h8 ]Ɋ& !Xh8 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ea3dd353-c651-499b-a156-b45b0bb31adf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N(**@h8 ]Ɋ& !Xh8 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ea3dd353-c651-499b-a156-b45b0bb31adf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I@**@h8 ]Ɋ& !Xh8 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ea3dd353-c651-499b-a156-b45b0bb31adf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sys@**8h8 ]Ɋ& !Xh8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ea3dd353-c651-499b-a156-b45b0bb31adf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8h8 ]Ɋ& !Xh8 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ea3dd353-c651-499b-a156-b45b0bb31adf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=App8**8h8 ]Ɋ& !Xh8 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ea3dd353-c651-499b-a156-b45b0bb31adf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=un8**8 ]Ɋ& !8 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ea3dd353-c651-499b-a156-b45b0bb31adf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ed8cf129-39d7-4d8d-994c-40c35292b890 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**8 ]Ɋ& !8 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ea3dd353-c651-499b-a156-b45b0bb31adf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ed8cf129-39d7-4d8d-994c-40c35292b890 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**X 8 ]Ɋ& !X 8 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=40d94209-4bb8-4033-a99d-b64d39a0d4cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p 8 ]Ɋ& !X 8 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=40d94209-4bb8-4033-a99d-b64d39a0d4cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cp**p 8 ]Ɋ& !X 8 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=40d94209-4bb8-4033-a99d-b64d39a0d4cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthp**h 8 ]Ɋ& !X 8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=40d94209-4bb8-4033-a99d-b64d39a0d4cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**h 8 ]Ɋ& !X 8 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=40d94209-4bb8-4033-a99d-b64d39a0d4cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h 8 ]Ɋ& !X 8 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=40d94209-4bb8-4033-a99d-b64d39a0d4cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h** 8 ]Ɋ&  ! 8 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=40d94209-4bb8-4033-a99d-b64d39a0d4cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=09bb54b1-1377-42f8-a66d-46e9661d0e49 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8 ]Ɋ& !8 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=40d94209-4bb8-4033-a99d-b64d39a0d4cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=09bb54b1-1377-42f8-a66d-46e9661d0e49 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4ec**8 ]Ɋ& '!X8 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f82168e9-8046-4323-9320-ae6654c02540 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f**8 ]Ɋ& ?!X8 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f82168e9-8046-4323-9320-ae6654c02540 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**8 ]Ɋ& ;!X8 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f82168e9-8046-4323-9320-ae6654c02540 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=que**8 ]Ɋ& 3!X8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f82168e9-8046-4323-9320-ae6654c02540 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**8 ]Ɋ& 3!X8 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f82168e9-8046-4323-9320-ae6654c02540 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**8 ]Ɋ& 5!X8 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f82168e9-8046-4323-9320-ae6654c02540 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **08 ]Ɋ& !8 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f82168e9-8046-4323-9320-ae6654c02540 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8a8d0a93-d072-46b9-856e-2a6b7d1700bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@Ż8 ]Ɋ& !Ż8 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f82168e9-8046-4323-9320-ae6654c02540 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8a8d0a93-d072-46b9-856e-2a6b7d1700bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== @**4< ]Ɋ& )!X4< F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0cf27827-5bea-46bd-9e68-954a2149ec9b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersi**4< ]Ɋ& A!X4< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0cf27827-5bea-46bd-9e68-954a2149ec9b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**4< ]Ɋ& =!X4< F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0cf27827-5bea-46bd-9e68-954a2149ec9b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **4< ]Ɋ& 5!X4< F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0cf27827-5bea-46bd-9e68-954a2149ec9b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cd**4< ]Ɋ& 5!X4< F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0cf27827-5bea-46bd-9e68-954a2149ec9b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**4< ]Ɋ& 7!X4< F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0cf27827-5bea-46bd-9e68-954a2149ec9b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**04< ]Ɋ& !4< F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0cf27827-5bea-46bd-9e68-954a2149ec9b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d8cb28ca-db15-44bc-963f-f3392bb9f81a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v0**@am ]Ɋ& !am F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0cf27827-5bea-46bd-9e68-954a2149ec9b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d8cb28ca-db15-44bc-963f-f3392bb9f81a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c766d527-5a1b-41e8-a8f8-efdd5ff9cf1c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c766d527-5a1b-41e8-a8f8-efdd5ff9cf1c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c766d527-5a1b-41e8-a8f8-efdd5ff9cf1c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c766d527-5a1b-41e8-a8f8-efdd5ff9cf1c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c766d527-5a1b-41e8-a8f8-efdd5ff9cf1c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c766d527-5a1b-41e8-a8f8-efdd5ff9cf1c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c766d527-5a1b-41e8-a8f8-efdd5ff9cf1c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c37e4ae2-26ed-4e06-bc7a-31d4012599c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wEng** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c766d527-5a1b-41e8-a8f8-efdd5ff9cf1c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c37e4ae2-26ed-4e06-bc7a-31d4012599c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **8 ]Ɋ& !X F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=247a7a48-5f28-4ce7-8d4d-8927ab7f241e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**P ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=247a7a48-5f28-4ce7-8d4d-8927ab7f241e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PF& F&ndPath= CommandLine=8F& ElfChnk #Mu=VysMc&&**P ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! 1!X F&F%g>9{p(xlMD EventDatauoData !Binary~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=247a7a48-5f28-4ce7-8d4d-8927ab7f241e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CP**H ]Ɋ& !X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=247a7a48-5f28-4ce7-8d4d-8927ab7f241e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H ]Ɋ& !X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=247a7a48-5f28-4ce7-8d4d-8927ab7f241e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ScrH**H ]Ɋ& !X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=247a7a48-5f28-4ce7-8d4d-8927ab7f241e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manH** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=247a7a48-5f28-4ce7-8d4d-8927ab7f241e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8c54e17-2c9d-43d0-b7e2-186052361494 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=247a7a48-5f28-4ce7-8d4d-8927ab7f241e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8c54e17-2c9d-43d0-b7e2-186052361494 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=38502e2d-908a-4890-94c5-9c867a1c5ff3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PipeX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=38502e2d-908a-4890-94c5-9c867a1c5ff3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=38502e2d-908a-4890-94c5-9c867a1c5ff3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:Ph**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=38502e2d-908a-4890-94c5-9c867a1c5ff3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0b`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=38502e2d-908a-4890-94c5-9c867a1c5ff3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta`**` ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=38502e2d-908a-4890-94c5-9c867a1c5ff3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=38502e2d-908a-4890-94c5-9c867a1c5ff3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5d47df70-3ad9-49ef-832b-b7f19f3f0441 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=38502e2d-908a-4890-94c5-9c867a1c5ff3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5d47df70-3ad9-49ef-832b-b7f19f3f0441 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**($7 ]Ɋ& !X$7 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bd020926-2b48-464d-b929-5d6dc9d16c50 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1(**@$7 ]Ɋ& !X$7 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bd020926-2b48-464d-b929-5d6dc9d16c50 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@$7 ]Ɋ& !X$7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bd020926-2b48-464d-b929-5d6dc9d16c50 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l='@**8$7 ]Ɋ& !X$7 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bd020926-2b48-464d-b929-5d6dc9d16c50 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Win8**8$7 ]Ɋ& !X$7 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bd020926-2b48-464d-b929-5d6dc9d16c50 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C8**8$7 ]Ɋ& !X$7 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bd020926-2b48-464d-b929-5d6dc9d16c50 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**$7 ]Ɋ& !$7 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bd020926-2b48-464d-b929-5d6dc9d16c50 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9e99292f-5975-45ab-9908-96f5a7c69687 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **ϐ ]Ɋ& !ϐ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bd020926-2b48-464d-b929-5d6dc9d16c50 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9e99292f-5975-45ab-9908-96f5a7c69687 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=)))}**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3dad83f0-3bb2-4dd2-b23a-43b50ad38b78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3dad83f0-3bb2-4dd2-b23a-43b50ad38b78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3dad83f0-3bb2-4dd2-b23a-43b50ad38b78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=balp**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3dad83f0-3bb2-4dd2-b23a-43b50ad38b78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-Sh**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3dad83f0-3bb2-4dd2-b23a-43b50ad38b78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3dad83f0-3bb2-4dd2-b23a-43b50ad38b78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3dad83f0-3bb2-4dd2-b23a-43b50ad38b78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ef1ed58f-01b7-4b98-8b44-3d42d0ccff99 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**~ ]Ɋ& !~ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3dad83f0-3bb2-4dd2-b23a-43b50ad38b78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ef1ed58f-01b7-4b98-8b44-3d42d0ccff99 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Seq**~ ]Ɋ& '!X~ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1db3ce55-906d-4e0a-bd6d-0535002f9fa3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**~ ]Ɋ& ?!X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1db3ce55-906d-4e0a-bd6d-0535002f9fa3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**~ ]Ɋ& ;!X~ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1db3ce55-906d-4e0a-bd6d-0535002f9fa3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**~ ]Ɋ& 3!X~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1db3ce55-906d-4e0a-bd6d-0535002f9fa3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, **~ ]Ɋ& 3!X~ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1db3ce55-906d-4e0a-bd6d-0535002f9fa3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**~ ]Ɋ& 5!X~ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1db3ce55-906d-4e0a-bd6d-0535002f9fa3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| **0~ ]Ɋ& !~ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1db3ce55-906d-4e0a-bd6d-0535002f9fa3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b4018ce7-dfe5-43b7-b56b-be435c84ce89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ou0**@ʓ ]Ɋ& !ʓ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1db3ce55-906d-4e0a-bd6d-0535002f9fa3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b4018ce7-dfe5-43b7-b56b-be435c84ce89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId@**I ]Ɋ& )!XI F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fe6aaf19-fb94-44af-b5ed-a49b5a365779 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**I ]Ɋ& A!XI F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fe6aaf19-fb94-44af-b5ed-a49b5a365779 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=shel**I ]Ɋ& =!XI F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fe6aaf19-fb94-44af-b5ed-a49b5a365779 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**I ]Ɋ& 5!XI F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fe6aaf19-fb94-44af-b5ed-a49b5a365779 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**I ]Ɋ& 5!XI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fe6aaf19-fb94-44af-b5ed-a49b5a365779 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**I ]Ɋ& 7!XI F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fe6aaf19-fb94-44af-b5ed-a49b5a365779 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0I ]Ɋ& !I F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fe6aaf19-fb94-44af-b5ed-a49b5a365779 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=14672bee-c1b7-4366-9e79-08873b7c58da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@% ]Ɋ& !% F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fe6aaf19-fb94-44af-b5ed-a49b5a365779 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=14672bee-c1b7-4366-9e79-08873b7c58da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rip@**Xv ]Ɋ& !Xv F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=56b932a8-fdbf-43ab-836d-8e6210220049 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=599X**pv ]Ɋ& !Xv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=56b932a8-fdbf-43ab-836d-8e6210220049 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNap**hv ]Ɋ& !Xv F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=56b932a8-fdbf-43ab-836d-8e6210220049 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& Xv F&dLine=8F& ElfChnk77(<>aMu=VysMc&&**hv ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!Xv F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=56b932a8-fdbf-43ab-836d-8e6210220049 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` v ]Ɋ& !Xv  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=56b932a8-fdbf-43ab-836d-8e6210220049 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h v ]Ɋ& !Xv  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=56b932a8-fdbf-43ab-836d-8e6210220049 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h** v ]Ɋ&  !v  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=56b932a8-fdbf-43ab-836d-8e6210220049 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea98b798-2956-496a-9bf9-0bb2740d1bca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** v ]Ɋ& !v  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=56b932a8-fdbf-43ab-836d-8e6210220049 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea98b798-2956-496a-9bf9-0bb2740d1bca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**8 v ]Ɋ& !Xv  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b88686b9-1214-4077-b792-51613884bef3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pv ]Ɋ& !Xv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b88686b9-1214-4077-b792-51613884bef3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Pv ]Ɋ& !Xv F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b88686b9-1214-4077-b792-51613884bef3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hv ]Ɋ& !Xv F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b88686b9-1214-4077-b792-51613884bef3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hv ]Ɋ& !Xv F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b88686b9-1214-4077-b792-51613884bef3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hv ]Ɋ& !Xv F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b88686b9-1214-4077-b792-51613884bef3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**v ]Ɋ& !v F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b88686b9-1214-4077-b792-51613884bef3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dacba41d-8996-4872-ba4d-acc4d97115df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** W ]Ɋ& ! W F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b88686b9-1214-4077-b792-51613884bef3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dacba41d-8996-4872-ba4d-acc4d97115df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X W ]Ɋ& !X W F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bfe8f29e-fccb-44bb-b2d5-24056c91995f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanX**p W ]Ɋ& !X W F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bfe8f29e-fccb-44bb-b2d5-24056c91995f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ep**h W ]Ɋ& !X W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bfe8f29e-fccb-44bb-b2d5-24056c91995f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Glh**` W ]Ɋ& !X W F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bfe8f29e-fccb-44bb-b2d5-24056c91995f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**` W ]Ɋ& !X W F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bfe8f29e-fccb-44bb-b2d5-24056c91995f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**` W ]Ɋ& !X W F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bfe8f29e-fccb-44bb-b2d5-24056c91995f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`** W ]Ɋ& ! W F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bfe8f29e-fccb-44bb-b2d5-24056c91995f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8659ec04-c6f3-4fcc-a988-0b69598e9c4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** W ]Ɋ& ! W F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bfe8f29e-fccb-44bb-b2d5-24056c91995f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8659ec04-c6f3-4fcc-a988-0b69598e9c4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5f3c31b3-26a9-43f1-8781-5edea958aaa8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5f3c31b3-26a9-43f1-8781-5edea958aaa8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5f3c31b3-26a9-43f1-8781-5edea958aaa8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ins@**8  ]Ɋ& !X  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5f3c31b3-26a9-43f1-8781-5edea958aaa8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ode8**8! ]Ɋ& !X! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5f3c31b3-26a9-43f1-8781-5edea958aaa8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b238**8" ]Ɋ& !X" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5f3c31b3-26a9-43f1-8781-5edea958aaa8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S8**# ]Ɋ& !# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5f3c31b3-26a9-43f1-8781-5edea958aaa8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8595a8ca-b8d4-480d-ba9c-e118b7b8c146 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$9 ]Ɋ& !9$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5f3c31b3-26a9-43f1-8781-5edea958aaa8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8595a8ca-b8d4-480d-ba9c-e118b7b8c146 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **X%Q ]Ɋ& !XQ% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=33b4cc79-4fe0-400b-816f-8c301389cccf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p&Q ]Ɋ& !XQ& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=33b4cc79-4fe0-400b-816f-8c301389cccf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p'Q ]Ɋ& !XQ' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=33b4cc79-4fe0-400b-816f-8c301389cccf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tedp**h(Q ]Ɋ& !XQ( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=33b4cc79-4fe0-400b-816f-8c301389cccf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**h)Q ]Ɋ& !XQ) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=33b4cc79-4fe0-400b-816f-8c301389cccf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**h*Q ]Ɋ& !XQ* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=33b4cc79-4fe0-400b-816f-8c301389cccf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**+Q ]Ɋ&  !Q+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=33b4cc79-4fe0-400b-816f-8c301389cccf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d92fff1d-aede-4292-a730-83ccf456c2cd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **, ]Ɋ& !, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=33b4cc79-4fe0-400b-816f-8c301389cccf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d92fff1d-aede-4292-a730-83ccf456c2cd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 **- ]Ɋ& '!X- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2cb50a89-1f24-4714-9474-f59617a5f9b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**. ]Ɋ& ?!X. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2cb50a89-1f24-4714-9474-f59617a5f9b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**/ ]Ɋ& ;!X/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2cb50a89-1f24-4714-9474-f59617a5f9b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**0 ]Ɋ& 3!X0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2cb50a89-1f24-4714-9474-f59617a5f9b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pac**1 ]Ɋ& 3!X1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2cb50a89-1f24-4714-9474-f59617a5f9b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS**2 ]Ɋ& 5!X2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2cb50a89-1f24-4714-9474-f59617a5f9b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**03 ]Ɋ& !3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2cb50a89-1f24-4714-9474-f59617a5f9b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=16573e9b-f74b-4b46-80cd-a5b731c1d315 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@4 ]Ɋ& !4 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2cb50a89-1f24-4714-9474-f59617a5f9b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=16573e9b-f74b-4b46-80cd-a5b731c1d315 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman@**5LcK ]Ɋ& )!XLcK5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3752757f-22f8-4973-a9e5-4789ce9546f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w**6LcK ]Ɋ& A!XLcK6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3752757f-22f8-4973-a9e5-4789ce9546f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**7LcK ]Ɋ& =!XLcK7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3752757f-22f8-4973-a9e5-4789ce9546f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNXLcK8 F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& Xv F&dLine=8F& ElfChnk8h8hplշRMu=VysMc&&**8LcK ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XLcK8 F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3752757f-22f8-4973-a9e5-4789ce9546f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **9LcK ]Ɋ& 5!XLcK9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3752757f-22f8-4973-a9e5-4789ce9546f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 6**:LcK ]Ɋ& 7!XLcK: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3752757f-22f8-4973-a9e5-4789ce9546f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0;LcK ]Ɋ& !LcK; F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3752757f-22f8-4973-a9e5-4789ce9546f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a51c3be1-e885-4dc7-90c3-2e5ee474438c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@<yeK ]Ɋ& !yeK< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3752757f-22f8-4973-a9e5-4789ce9546f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a51c3be1-e885-4dc7-90c3-2e5ee474438c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=200@**X=yeK ]Ɋ& !XyeK= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cc26f120-54ce-4d22-b774-b1accf8df10c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=HosX**p>yeK ]Ɋ& !XyeK> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cc26f120-54ce-4d22-b774-b1accf8df10c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=121p**h?yeK ]Ɋ& !XyeK? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cc26f120-54ce-4d22-b774-b1accf8df10c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1h**`@yeK ]Ɋ& !XyeK@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cc26f120-54ce-4d22-b774-b1accf8df10c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`AyeK ]Ɋ& !XyeKA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cc26f120-54ce-4d22-b774-b1accf8df10c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hByeK ]Ɋ& !XyeKB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cc26f120-54ce-4d22-b774-b1accf8df10c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hellh**CyeK ]Ɋ&  !yeKC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cc26f120-54ce-4d22-b774-b1accf8df10c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd9a2aaa-34a0-4cbc-9909-fb66bf257cae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rusS**DeK ]Ɋ& !eKD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cc26f120-54ce-4d22-b774-b1accf8df10c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd9a2aaa-34a0-4cbc-9909-fb66bf257cae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**8EeK ]Ɋ& !XeKE F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=144b3e2d-0bb6-485a-b994-fb202b71f89d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t\8**PFeK ]Ɋ& !XeKF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=144b3e2d-0bb6-485a-b994-fb202b71f89d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t P**PGeK ]Ɋ& !XeKG F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=144b3e2d-0bb6-485a-b994-fb202b71f89d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ell P**HHeK ]Ɋ& !XeKH F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=144b3e2d-0bb6-485a-b994-fb202b71f89d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tionH**HIeK ]Ɋ& !XeKI F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=144b3e2d-0bb6-485a-b994-fb202b71f89d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**HJeK ]Ɋ& !XeKJ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=144b3e2d-0bb6-485a-b994-fb202b71f89d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=056H**KeK ]Ɋ& !eKK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=144b3e2d-0bb6-485a-b994-fb202b71f89d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9b91fa8f-3b2f-45cb-b872-90a95de2d102 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**LeK ]Ɋ& !eKL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=144b3e2d-0bb6-485a-b994-fb202b71f89d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9b91fa8f-3b2f-45cb-b872-90a95de2d102 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**XM1fK ]Ɋ& !X1fKM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=25a4cc45-60b8-4f6b-9a85-13682a515e6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5f3cX**pN1fK ]Ɋ& !X1fKN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=25a4cc45-60b8-4f6b-9a85-13682a515e6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent p**hO1fK ]Ɋ& !X1fKO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=25a4cc45-60b8-4f6b-9a85-13682a515e6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`P1fK ]Ɋ& !X1fKP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=25a4cc45-60b8-4f6b-9a85-13682a515e6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co`**`Q1fK ]Ɋ& !X1fKQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=25a4cc45-60b8-4f6b-9a85-13682a515e6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`R1fK ]Ɋ& !X1fKR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=25a4cc45-60b8-4f6b-9a85-13682a515e6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:`**S1fK ]Ɋ& !1fKS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=25a4cc45-60b8-4f6b-9a85-13682a515e6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1498172c-7a2f-4098-b01c-9071f3749a90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**T1fK ]Ɋ& !1fKT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=25a4cc45-60b8-4f6b-9a85-13682a515e6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1498172c-7a2f-4098-b01c-9071f3749a90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1b3**(U1fK ]Ɋ& !X1fKU F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6f9e34a9-bfab-46a7-b13b-17d7d3e6acdf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@V1fK ]Ɋ& !X1fKV F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6f9e34a9-bfab-46a7-b13b-17d7d3e6acdf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t@**@W1fK ]Ɋ& !X1fKW F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6f9e34a9-bfab-46a7-b13b-17d7d3e6acdf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8X1fK ]Ɋ& !X1fKX F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6f9e34a9-bfab-46a7-b13b-17d7d3e6acdf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Str8**8Y1fK ]Ɋ& !X1fKY F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6f9e34a9-bfab-46a7-b13b-17d7d3e6acdf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=';e8**8Z1fK ]Ɋ& !X1fKZ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6f9e34a9-bfab-46a7-b13b-17d7d3e6acdf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io8**[1fK ]Ɋ& !1fK[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6f9e34a9-bfab-46a7-b13b-17d7d3e6acdf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b21c22d0-620c-440f-a1ff-80b197161dea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=16**\bgK ]Ɋ& !bgK\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6f9e34a9-bfab-46a7-b13b-17d7d3e6acdf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b21c22d0-620c-440f-a1ff-80b197161dea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**X],iK ]Ɋ& !X,iK] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=94e80274-9623-4cb8-85b4-837b1f66f7ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uX**p^,iK ]Ɋ& !X,iK^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=94e80274-9623-4cb8-85b4-837b1f66f7ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**p_,iK ]Ɋ& !X,iK_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=94e80274-9623-4cb8-85b4-837b1f66f7ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h`,iK ]Ɋ& !X,iK` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=94e80274-9623-4cb8-85b4-837b1f66f7ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt h**ha,iK ]Ɋ& !X,iKa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=94e80274-9623-4cb8-85b4-837b1f66f7ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsoh**hb,iK ]Ɋ& !X,iKb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=94e80274-9623-4cb8-85b4-837b1f66f7ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f9h**c,iK ]Ɋ&  !,iKc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=94e80274-9623-4cb8-85b4-837b1f66f7ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be2eea87-eb8c-4bcb-8632-c7af9ae142cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**d-iK ]Ɋ& !-iKd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=94e80274-9623-4cb8-85b4-837b1f66f7ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be2eea87-eb8c-4bcb-8632-c7af9ae142cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alue**e]jK ]Ɋ& '!X]jKe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=de7828d5-61ab-4bc1-bf6e-93263a3da3e5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**f]jK ]Ɋ& ?!X]jKf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=de7828d5-61ab-4bc1-bf6e-93263a3da3e5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**g]jK ]Ɋ& ;!X]jKg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=de7828d5-61ab-4bc1-bf6e-93263a3da3e5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**h]jK ]Ɋ& 3!X]jKh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=de7828d5-61ab-4bc1-bf6e-93263a3da3e5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Staed Seque ]Ɋ& ioX]jKi F&4973-a9e5-4789ce9546f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNXLcK8 F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& Xv F&dLine=8F& ElfChnkiiHձ>KMu=VysMc&&** i]jK ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X]jKi F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=de7828d5-61ab-4bc1-bf6e-93263a3da3e5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **j]jK ]Ɋ& 5!X]jKj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=de7828d5-61ab-4bc1-bf6e-93263a3da3e5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Lc**0k]jK ]Ɋ& !]jKk F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=de7828d5-61ab-4bc1-bf6e-93263a3da3e5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fe95632a-928d-4399-8e7e-0c9df4670a18 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9e0**@lZjK ]Ɋ& !ZjKl F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=de7828d5-61ab-4bc1-bf6e-93263a3da3e5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fe95632a-928d-4399-8e7e-0c9df4670a18 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co@**mz. ]Ɋ& )!Xz.m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c7804255-0646-4494-b18d-fb14c2e30389 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **nz. ]Ɋ& A!Xz.n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c7804255-0646-4494-b18d-fb14c2e30389 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=play**oz. ]Ɋ& =!Xz.o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c7804255-0646-4494-b18d-fb14c2e30389 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= r**pz. ]Ɋ& 5!Xz.p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c7804255-0646-4494-b18d-fb14c2e30389 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cf**qz. ]Ɋ& 5!Xz.q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c7804255-0646-4494-b18d-fb14c2e30389 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns**rz. ]Ɋ& 7!Xz.r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c7804255-0646-4494-b18d-fb14c2e30389 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**0sz. ]Ɋ& !z.s F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c7804255-0646-4494-b18d-fb14c2e30389 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8c1270ae-7a95-4b54-9542-5f79f8cea918 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@t_ ]Ɋ& !_t F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c7804255-0646-4494-b18d-fb14c2e30389 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8c1270ae-7a95-4b54-9542-5f79f8cea918 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**Xu_ ]Ɋ& !X_u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cac4c426-12b3-4823-8c9e-c0085df7445b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&X**pv_ ]Ɋ& !X_v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cac4c426-12b3-4823-8c9e-c0085df7445b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hw_ ]Ɋ& !X_w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cac4c426-12b3-4823-8c9e-c0085df7445b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`x_ ]Ɋ& !X_x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cac4c426-12b3-4823-8c9e-c0085df7445b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`y_ ]Ɋ& !X_y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cac4c426-12b3-4823-8c9e-c0085df7445b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hz_ ]Ɋ& !X_z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cac4c426-12b3-4823-8c9e-c0085df7445b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Fh**{> ]Ɋ&  !>{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cac4c426-12b3-4823-8c9e-c0085df7445b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=361bd816-eeb7-4d0e-b735-5324f1ae213b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oppe**|> ]Ɋ& !>| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cac4c426-12b3-4823-8c9e-c0085df7445b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=361bd816-eeb7-4d0e-b735-5324f1ae213b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de**8}> ]Ɋ& !X>} F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=68199209-1edc-40ad-91fa-0c7b90d7edbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro8**P~> ]Ɋ& !X>~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=68199209-1edc-40ad-91fa-0c7b90d7edbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FP**P> ]Ɋ& !X> F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=68199209-1edc-40ad-91fa-0c7b90d7edbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fKP**H> ]Ɋ& !X> F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=68199209-1edc-40ad-91fa-0c7b90d7edbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**H> ]Ɋ& !X> F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=68199209-1edc-40ad-91fa-0c7b90d7edbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H> ]Ɋ& !X> F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=68199209-1edc-40ad-91fa-0c7b90d7edbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**> ]Ɋ& !> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=68199209-1edc-40ad-91fa-0c7b90d7edbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4cd44837-16d1-49e1-8c3a-7b8b6e80f2ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Ԑ ]Ɋ& !Ԑ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=68199209-1edc-40ad-91fa-0c7b90d7edbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4cd44837-16d1-49e1-8c3a-7b8b6e80f2ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f**XԐ ]Ɋ& !XԐ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9c6ad8ac-23cf-4905-8968-eef679f66624 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= X**pԐ ]Ɋ& !XԐ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9c6ad8ac-23cf-4905-8968-eef679f66624 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**hԐ ]Ɋ& !XԐ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9c6ad8ac-23cf-4905-8968-eef679f66624 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={h**`Ԑ ]Ɋ& !XԐ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9c6ad8ac-23cf-4905-8968-eef679f66624 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a7`**`Ԑ ]Ɋ& !XԐ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9c6ad8ac-23cf-4905-8968-eef679f66624 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi`**`Ԑ ]Ɋ& !XԐ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9c6ad8ac-23cf-4905-8968-eef679f66624 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**Ԑ ]Ɋ& !Ԑ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9c6ad8ac-23cf-4905-8968-eef679f66624 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dfa96fb0-a475-4895-b419-d78d3acb0a19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**Ԑ ]Ɋ& !Ԑ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9c6ad8ac-23cf-4905-8968-eef679f66624 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dfa96fb0-a475-4895-b419-d78d3acb0a19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==b2**(k) ]Ɋ& !Xk) F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c8a3b57e-9786-425e-94f6-3d5bddef1544 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@k) ]Ɋ& !Xk) F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c8a3b57e-9786-425e-94f6-3d5bddef1544 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@k) ]Ɋ& !Xk) F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c8a3b57e-9786-425e-94f6-3d5bddef1544 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E\M@**8k) ]Ɋ& !Xk) F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c8a3b57e-9786-425e-94f6-3d5bddef1544 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8k) ]Ɋ& !Xk) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c8a3b57e-9786-425e-94f6-3d5bddef1544 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8k) ]Ɋ& !Xk) F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c8a3b57e-9786-425e-94f6-3d5bddef1544 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eV8**k) ]Ɋ& !k) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c8a3b57e-9786-425e-94f6-3d5bddef1544 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0b2ed58e-64dd-4b7f-a6e7-0c8bba048c99 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[S**¯ ]Ɋ& !¯ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c8a3b57e-9786-425e-94f6-3d5bddef1544 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0b2ed58e-64dd-4b7f-a6e7-0c8bba048c99 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayVe**X򼲖 ]Ɋ& !X򼲖 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4c0cb6d0-a39b-4252-9068-8255f7072bee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p򼲖 ]Ɋ& !X򼲖 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4c0cb6d0-a39b-4252-9068-8255f7072bee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p򼲖 ]Ɋ& !X򼲖 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4c0cb6d0-a39b-4252-9068-8255f7072bee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nstp**h򼲖 ]Ɋ& !X򼲖 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4c0cb6d0-a39b-4252-9068-8255f7072bee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=perh**h򼲖 ]Ɋ& !X򼲖 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4c0cb6d0-a39b-4252-9068-8255f7072bee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=::Gh**h򼲖 ]Ɋ& !X򼲖 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4c0cb6d0-a39b-4252-9068-8255f7072bee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= IhtalledOn -De ]Ɋ&  !򼲖 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4c0cb6d0-a39b-4252-9068-8255f7072bee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4b8a8617-482c-48ac-b23d-b08f45fdfd2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk8,H6Mu=VysMc&&** 򼲖 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !򼲖 F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4c0cb6d0-a39b-4252-9068-8255f7072bee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4b8a8617-482c-48ac-b23d-b08f45fdfd2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art **U ]Ɋ& !U F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4c0cb6d0-a39b-4252-9068-8255f7072bee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4b8a8617-482c-48ac-b23d-b08f45fdfd2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=4** ]Ɋ& '!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4f2da9bc-fd3d-4be3-9003-f0fcf011d939 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u** ]Ɋ& ?!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4f2da9bc-fd3d-4be3-9003-f0fcf011d939 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e** ]Ɋ& ;!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4f2da9bc-fd3d-4be3-9003-f0fcf011d939 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4f2da9bc-fd3d-4be3-9003-f0fcf011d939 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4f2da9bc-fd3d-4be3-9003-f0fcf011d939 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== ** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4f2da9bc-fd3d-4be3-9003-f0fcf011d939 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4f2da9bc-fd3d-4be3-9003-f0fcf011d939 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f45eb46e-3fdd-43b0-8b50-79a2a66721b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0a0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4f2da9bc-fd3d-4be3-9003-f0fcf011d939 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f45eb46e-3fdd-43b0-8b50-79a2a66721b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d P@** ]Ɋ& )!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=435ac800-06e7-4f30-beb7-01d22f45ce4c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& A!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=435ac800-06e7-4f30-beb7-01d22f45ce4c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C** ]Ɋ& =!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=435ac800-06e7-4f30-beb7-01d22f45ce4c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** ]Ɋ& 5!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=435ac800-06e7-4f30-beb7-01d22f45ce4c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr** ]Ɋ& 5!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=435ac800-06e7-4f30-beb7-01d22f45ce4c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cl** ]Ɋ& 7!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=435ac800-06e7-4f30-beb7-01d22f45ce4c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0 ]Ɋ& ! F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=435ac800-06e7-4f30-beb7-01d22f45ce4c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e70e7a46-58ca-4888-a1eb-df994a90874e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@(O ]Ɋ& !(O F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=435ac800-06e7-4f30-beb7-01d22f45ce4c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e70e7a46-58ca-4888-a1eb-df994a90874e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art@**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7c2630c2-0984-4409-b32a-3deb47a0b530 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7c2630c2-0984-4409-b32a-3deb47a0b530 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=p**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7c2630c2-0984-4409-b32a-3deb47a0b530 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ch**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7c2630c2-0984-4409-b32a-3deb47a0b530 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7c2630c2-0984-4409-b32a-3deb47a0b530 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7c2630c2-0984-4409-b32a-3deb47a0b530 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tId=h** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7c2630c2-0984-4409-b32a-3deb47a0b530 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=702cd3fc-d7b1-41e7-ba95-43f0b39b7328 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=09-1** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7c2630c2-0984-4409-b32a-3deb47a0b530 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=702cd3fc-d7b1-41e7-ba95-43f0b39b7328 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**8U ]Ɋ& !XU F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6cd63a24-f091-4ecd-b3cf-d8eccdbc0fdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3c8**PU ]Ɋ& !XU F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6cd63a24-f091-4ecd-b3cf-d8eccdbc0fdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tIP**PU ]Ɋ& !XU F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6cd63a24-f091-4ecd-b3cf-d8eccdbc0fdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==4.0P**HU ]Ɋ& !XU F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6cd63a24-f091-4ecd-b3cf-d8eccdbc0fdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**HU ]Ɋ& !XU F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6cd63a24-f091-4ecd-b3cf-d8eccdbc0fdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConsH**HU ]Ɋ& !XU F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6cd63a24-f091-4ecd-b3cf-d8eccdbc0fdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**U ]Ɋ& !U F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6cd63a24-f091-4ecd-b3cf-d8eccdbc0fdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=83d1a742-e393-4882-b01e-880ccdd54865 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=equ**U ]Ɋ& !U F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6cd63a24-f091-4ecd-b3cf-d8eccdbc0fdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=83d1a742-e393-4882-b01e-880ccdd54865 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**XU ]Ɋ& !XU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7e93c6f1-bc12-42cd-be25-eb1d19ddfb1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pU ]Ɋ& !XU F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7e93c6f1-bc12-42cd-be25-eb1d19ddfb1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Scp**hU ]Ɋ& !XU F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7e93c6f1-bc12-42cd-be25-eb1d19ddfb1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dOh**`U ]Ɋ& !XU F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7e93c6f1-bc12-42cd-be25-eb1d19ddfb1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns`**`U ]Ɋ& !XU F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7e93c6f1-bc12-42cd-be25-eb1d19ddfb1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh`**`U ]Ɋ& !XU F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7e93c6f1-bc12-42cd-be25-eb1d19ddfb1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7e93c6f1-bc12-42cd-be25-eb1d19ddfb1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6000a317-bc83-48f7-b986-6bac06788522 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7e93c6f1-bc12-42cd-be25-eb1d19ddfb1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6000a317-bc83-48f7-b986-6bac06788522 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4e0b44d3-ed1f-437b-aa32-a1a01f4b676d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m(**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4e0b44d3-ed1f-437b-aa32-a1a01f4b676d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=U@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4e0b44d3-ed1f-437b-aa32-a1a01f4b676d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4e0b44d3-ed1f-437b-aa32-a1a01f4b676d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ARE8**8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4e0b44d3-ed1f-437b-aa32-a1a01f4b676d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4e0b44d3-ed1f-437b-aa32-a1a01f4b676d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4e0b44d3-ed1f-437b-aa32-a1a01f4b676d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7a3b17c7-6afe-415d-8451-16748bc9461e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4e0b44d3-ed1f-437b-aa32-a1a01f4b676d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7a3b17c7-6afe-415d-8451-16748bc9461e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInf**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee77439c-734e-497e-a6d4-d52da1bd8017 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X F&aceId=4b8a8617-482c-48ac-b23d-b08f45fdfd2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk0|T 9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee77439c-734e-497e-a6d4-d52da1bd8017 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== x **p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee77439c-734e-497e-a6d4-d52da1bd8017 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== p**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee77439c-734e-497e-a6d4-d52da1bd8017 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=h**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee77439c-734e-497e-a6d4-d52da1bd8017 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee77439c-734e-497e-a6d4-d52da1bd8017 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee77439c-734e-497e-a6d4-d52da1bd8017 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e44d53b3-38df-4e38-a28c-3882bb78fee2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**6v  ]Ɋ& !6v  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee77439c-734e-497e-a6d4-d52da1bd8017 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e44d53b3-38df-4e38-a28c-3882bb78fee2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**  ]Ɋ& '!X  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e2c8f47a-8601-4038-8e85-c6a67c1bfbbc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**  ]Ɋ& ?!X  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e2c8f47a-8601-4038-8e85-c6a67c1bfbbc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**  ]Ɋ& ;!X  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e2c8f47a-8601-4038-8e85-c6a67c1bfbbc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1d2**  ]Ɋ& 3!X  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e2c8f47a-8601-4038-8e85-c6a67c1bfbbc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**  ]Ɋ& 3!X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e2c8f47a-8601-4038-8e85-c6a67c1bfbbc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=22f**  ]Ɋ& 5!X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e2c8f47a-8601-4038-8e85-c6a67c1bfbbc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0  ]Ɋ& !  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e2c8f47a-8601-4038-8e85-c6a67c1bfbbc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d4d661fd-b43f-4e71-a263-9b4160a80376 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@c  ]Ɋ& !c  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e2c8f47a-8601-4038-8e85-c6a67c1bfbbc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d4d661fd-b43f-4e71-a263-9b4160a80376 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**CT] ]Ɋ& )!XCT] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a6498775-cfc5-4198-a3b6-7905292baf3e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **CT] ]Ɋ& A!XCT] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a6498775-cfc5-4198-a3b6-7905292baf3e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**CT] ]Ɋ& =!XCT] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a6498775-cfc5-4198-a3b6-7905292baf3e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**CT] ]Ɋ& 5!XCT] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a6498775-cfc5-4198-a3b6-7905292baf3e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**CT] ]Ɋ& 5!XCT] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a6498775-cfc5-4198-a3b6-7905292baf3e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**CT] ]Ɋ& 7!XCT] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a6498775-cfc5-4198-a3b6-7905292baf3e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0CT] ]Ɋ& !CT] F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a6498775-cfc5-4198-a3b6-7905292baf3e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1bfac194-6521-41ca-a448-d1fd8cf1c397 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@NT] ]Ɋ& !NT] F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a6498775-cfc5-4198-a3b6-7905292baf3e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1bfac194-6521-41ca-a448-d1fd8cf1c397 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**XtU] ]Ɋ& !XtU] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=08f07eef-8182-449c-a764-059a055857a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**ptU] ]Ɋ& !XtU] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=08f07eef-8182-449c-a764-059a055857a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**htU] ]Ɋ& !XtU] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=08f07eef-8182-449c-a764-059a055857a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`tU] ]Ɋ& !XtU] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=08f07eef-8182-449c-a764-059a055857a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`tU] ]Ɋ& !XtU] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=08f07eef-8182-449c-a764-059a055857a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**htU] ]Ɋ& !XtU] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=08f07eef-8182-449c-a764-059a055857a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**tU] ]Ɋ&  !tU] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=08f07eef-8182-449c-a764-059a055857a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7d2ba48-229b-4f66-a9e3-d6a6386ed2ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**tU] ]Ɋ& !tU] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=08f07eef-8182-449c-a764-059a055857a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7d2ba48-229b-4f66-a9e3-d6a6386ed2ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8{ V] ]Ɋ& !X{ V] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f00643de-9674-49d4-bb6d-dd5701607123 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**P{ V] ]Ɋ& !X{ V] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f00643de-9674-49d4-bb6d-dd5701607123 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P{ V] ]Ɋ& !X{ V] F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f00643de-9674-49d4-bb6d-dd5701607123 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**H{ V] ]Ɋ& !X{ V] F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f00643de-9674-49d4-bb6d-dd5701607123 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**H{ V] ]Ɋ& !X{ V] F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f00643de-9674-49d4-bb6d-dd5701607123 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**H{ V] ]Ɋ& !X{ V] F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f00643de-9674-49d4-bb6d-dd5701607123 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**{ V] ]Ɋ& !{ V] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f00643de-9674-49d4-bb6d-dd5701607123 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0122b64f-a01d-4d2e-8f7f-48420c31b2b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**V] ]Ɋ& !V] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f00643de-9674-49d4-bb6d-dd5701607123 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0122b64f-a01d-4d2e-8f7f-48420c31b2b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XV] ]Ɋ& !XV] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f4def465-c057-436a-9d32-02d9a333a834 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**pV] ]Ɋ& !XV] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f4def465-c057-436a-9d32-02d9a333a834 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**hV] ]Ɋ& !XV] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f4def465-c057-436a-9d32-02d9a333a834 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`V] ]Ɋ& !XV] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f4def465-c057-436a-9d32-02d9a333a834 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`V] ]Ɋ& !XV] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f4def465-c057-436a-9d32-02d9a333a834 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`V] ]Ɋ& !XV] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f4def465-c057-436a-9d32-02d9a333a834 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**V] ]Ɋ& !V] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f4def465-c057-436a-9d32-02d9a333a834 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c3d8122d-74a0-4d7c-bf81-028d71830c98 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**>W] ]Ɋ& !>W] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f4def465-c057-436a-9d32-02d9a333a834 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c3d8122d-74a0-4d7c-bf81-028d71830c98 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(?W] ]Ɋ& !X?W] F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b2fba69f-2e3e-49f6-9fca-b5fb45b46304 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@?W] ]Ɋ& !X?W] F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b2fba69f-2e3e-49f6-9fca-b5fb45b46304 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@?W] ]Ɋ& !X?W] F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b2fba69f-2e3e-49f6-9fca-b5fb45b46304 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@ 65535 Eng ]Ɋ& ndX?W] F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X F&aceId=4b8a8617-482c-48ac-b23d-b08f45fdfd2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk00pKyߗMu=VysMc&&**8 ?W] ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X?W] F&F%g>9{p(xlMD EventDatauoData !BinaryhFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b2fba69f-2e3e-49f6-9fca-b5fb45b46304 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8?W] ]Ɋ& !X?W] F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b2fba69f-2e3e-49f6-9fca-b5fb45b46304 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er,8**8?W] ]Ɋ& !X?W] F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b2fba69f-2e3e-49f6-9fca-b5fb45b46304 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\W8**?W] ]Ɋ& !?W] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b2fba69f-2e3e-49f6-9fca-b5fb45b46304 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=056497d5-dbb3-4dfe-a001-bee09e245381 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ee**oX] ]Ɋ& !oX] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b2fba69f-2e3e-49f6-9fca-b5fb45b46304 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=056497d5-dbb3-4dfe-a001-bee09e245381 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iabl**X9Z] ]Ɋ& !X9Z] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a2b0890f-ca74-4118-9bfc-2b038cd3595d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p9Z] ]Ɋ& !X9Z] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a2b0890f-ca74-4118-9bfc-2b038cd3595d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**p9Z] ]Ɋ& !X9Z] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a2b0890f-ca74-4118-9bfc-2b038cd3595d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h9Z] ]Ɋ& !X9Z] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a2b0890f-ca74-4118-9bfc-2b038cd3595d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovih**h 9Z] ]Ɋ& !X9Z]  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a2b0890f-ca74-4118-9bfc-2b038cd3595d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=h**h 9Z] ]Ɋ& !X9Z]  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a2b0890f-ca74-4118-9bfc-2b038cd3595d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1-h** 9Z] ]Ɋ&  !9Z]  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a2b0890f-ca74-4118-9bfc-2b038cd3595d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=103ff638-51b4-4b3b-9a3f-2c1a375f3b2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-O** j[] ]Ɋ& !j[]  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a2b0890f-ca74-4118-9bfc-2b038cd3595d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=103ff638-51b4-4b3b-9a3f-2c1a375f3b2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ies[** j[] ]Ɋ& '!Xj[]  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=19f381ba-edd6-4e02-8db5-70917e4296d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**j[] ]Ɋ& ?!Xj[] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=19f381ba-edd6-4e02-8db5-70917e4296d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**j[] ]Ɋ& ;!Xj[] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=19f381ba-edd6-4e02-8db5-70917e4296d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**j[] ]Ɋ& 3!Xj[] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=19f381ba-edd6-4e02-8db5-70917e4296d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **j[] ]Ɋ& 3!Xj[] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=19f381ba-edd6-4e02-8db5-70917e4296d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsp**j[] ]Ɋ& 5!Xj[] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=19f381ba-edd6-4e02-8db5-70917e4296d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te**0j[] ]Ɋ& !j[] F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=19f381ba-edd6-4e02-8db5-70917e4296d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d71bb2e9-4ef0-456e-a875-f1a66c1e83e1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li0**@\] ]Ɋ& !\] F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=19f381ba-edd6-4e02-8db5-70917e4296d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d71bb2e9-4ef0-456e-a875-f1a66c1e83e1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nceN@**&" ]Ɋ& )!X&" F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f42982ac-8d7f-4e30-955b-fe9553f78018 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nmen**&" ]Ɋ& A!X&" F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f42982ac-8d7f-4e30-955b-fe9553f78018 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**&" ]Ɋ& =!X&" F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f42982ac-8d7f-4e30-955b-fe9553f78018 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h=**&" ]Ɋ& 5!X&" F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f42982ac-8d7f-4e30-955b-fe9553f78018 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**&" ]Ɋ& 5!X&" F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f42982ac-8d7f-4e30-955b-fe9553f78018 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**&" ]Ɋ& 7!X&" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f42982ac-8d7f-4e30-955b-fe9553f78018 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**0&" ]Ɋ& !&" F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f42982ac-8d7f-4e30-955b-fe9553f78018 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e88b4278-a3e2-4f6d-b511-9f803dacdacf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c0**@W# ]Ɋ& !W# F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f42982ac-8d7f-4e30-955b-fe9553f78018 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e88b4278-a3e2-4f6d-b511-9f803dacdacf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=82-@**XY# ]Ɋ& !XY# F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5c2f7e38-7901-4886-9808-78ca892da11e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HX**pY# ]Ɋ& !XY# F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5c2f7e38-7901-4886-9808-78ca892da11e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 p**hY# ]Ɋ& !XY# F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5c2f7e38-7901-4886-9808-78ca892da11e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3h**` Y# ]Ɋ& !XY#  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5c2f7e38-7901-4886-9808-78ca892da11e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4`**`!Y# ]Ɋ& !XY#! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5c2f7e38-7901-4886-9808-78ca892da11e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1`**h"Y# ]Ɋ& !XY#" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5c2f7e38-7901-4886-9808-78ca892da11e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stAph**#Y# ]Ɋ&  !Y## F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5c2f7e38-7901-4886-9808-78ca892da11e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=010bf5fc-5a16-4411-a36f-d90f414d6137 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=viru**$Y# ]Ɋ& !Y#$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5c2f7e38-7901-4886-9808-78ca892da11e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=010bf5fc-5a16-4411-a36f-d90f414d6137 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ti**8%$ ]Ɋ& !X$% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f5dc9958-01f3-47d7-ba58-cf0b97e2dc01 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bj8**P&$ ]Ɋ& !X$& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f5dc9958-01f3-47d7-ba58-cf0b97e2dc01 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erP**P'$ ]Ɋ& !X$' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f5dc9958-01f3-47d7-ba58-cf0b97e2dc01 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tAppP**H($ ]Ɋ& !X$( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f5dc9958-01f3-47d7-ba58-cf0b97e2dc01 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=33a8H**H)$ ]Ɋ& !X$) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f5dc9958-01f3-47d7-ba58-cf0b97e2dc01 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-9d3H**H*$ ]Ɋ& !X$* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f5dc9958-01f3-47d7-ba58-cf0b97e2dc01 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=65-H**+$ ]Ɋ& !$+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f5dc9958-01f3-47d7-ba58-cf0b97e2dc01 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b1eb8d89-b9e4-4f74-9450-fed39254c596 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=834**,$ ]Ɋ& !$, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f5dc9958-01f3-47d7-ba58-cf0b97e2dc01 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b1eb8d89-b9e4-4f74-9450-fed39254c596 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3**X-$ ]Ɋ& !X$- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=16efc83c-cde1-4ea1-a737-032c3e1aa915 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersiX**p.$ ]Ɋ& !X$. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=16efc83c-cde1-4ea1-a737-032c3e1aa915 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovip**h/$ ]Ɋ& !X$/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=16efc83c-cde1-4ea1-a737-032c3e1aa915 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`0$ ]Ɋ& !X$0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=16efc83c-cde1-4ea1-a737-032c3e1aa915 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id` PipelineId ]Ɋ&  CX$1 F&wid@ 65535 Eng ]Ɋ& ndX?W] F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X F&aceId=4b8a8617-482c-48ac-b23d-b08f45fdfd2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk1a1a@?fO0Mu=VysMc&&**h1$ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!X$1 F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=16efc83c-cde1-4ea1-a737-032c3e1aa915 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**`2$ ]Ɋ& !X$2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=16efc83c-cde1-4ea1-a737-032c3e1aa915 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**3$ ]Ɋ& !$3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=16efc83c-cde1-4ea1-a737-032c3e1aa915 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ec2bca3c-22ab-4be0-b2d4-c18e24aef8bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**4!% ]Ɋ& !!%4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=16efc83c-cde1-4ea1-a737-032c3e1aa915 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ec2bca3c-22ab-4be0-b2d4-c18e24aef8bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(5!% ]Ɋ& !X!%5 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=61ea8d24-353b-40a3-8c7b-f225b5e4af44 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3(**@6!% ]Ɋ& !X!%6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=61ea8d24-353b-40a3-8c7b-f225b5e4af44 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0@**@7!% ]Ɋ& !X!%7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=61ea8d24-353b-40a3-8c7b-f225b5e4af44 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**88!% ]Ɋ& !X!%8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=61ea8d24-353b-40a3-8c7b-f225b5e4af44 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**89!% ]Ɋ& !X!%9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=61ea8d24-353b-40a3-8c7b-f225b5e4af44 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8:!% ]Ɋ& !X!%: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=61ea8d24-353b-40a3-8c7b-f225b5e4af44 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**;!% ]Ɋ& !!%; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=61ea8d24-353b-40a3-8c7b-f225b5e4af44 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7e8fdb11-ee2c-4912-b3c3-d055aa83cf3d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**<% ]Ɋ& !%< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=61ea8d24-353b-40a3-8c7b-f225b5e4af44 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7e8fdb11-ee2c-4912-b3c3-d055aa83cf3d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**X=' ]Ɋ& !X'= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dd6dca2e-484e-40c4-8721-0f804aa46ffe HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**p>' ]Ɋ& !X'> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dd6dca2e-484e-40c4-8721-0f804aa46ffe HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**p?' ]Ɋ& !X'? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dd6dca2e-484e-40c4-8721-0f804aa46ffe HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**h@' ]Ɋ& !X'@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dd6dca2e-484e-40c4-8721-0f804aa46ffe HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**hA' ]Ɋ& !X'A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dd6dca2e-484e-40c4-8721-0f804aa46ffe HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**hB' ]Ɋ& !X'B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dd6dca2e-484e-40c4-8721-0f804aa46ffe HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**C' ]Ɋ&  !'C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dd6dca2e-484e-40c4-8721-0f804aa46ffe HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=76a85d29-49dc-44a4-94c2-fa6c89897623 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sb**Dw( ]Ɋ& !w(D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dd6dca2e-484e-40c4-8721-0f804aa46ffe HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=76a85d29-49dc-44a4-94c2-fa6c89897623 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ring**Ew( ]Ɋ& '!Xw(E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=60ed94bf-c563-457a-b475-d5b3d07b1629 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=O**Fw( ]Ɋ& ?!Xw(F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=60ed94bf-c563-457a-b475-d5b3d07b1629 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l**Gw( ]Ɋ& ;!Xw(G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=60ed94bf-c563-457a-b475-d5b3d07b1629 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Hw( ]Ɋ& 3!Xw(H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=60ed94bf-c563-457a-b475-d5b3d07b1629 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==f4**Iw( ]Ɋ& 3!Xw(I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=60ed94bf-c563-457a-b475-d5b3d07b1629 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**Jw( ]Ɋ& 5!Xw(J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=60ed94bf-c563-457a-b475-d5b3d07b1629 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e3**0K ( ]Ɋ& ! (K F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=60ed94bf-c563-457a-b475-d5b3d07b1629 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e7e76e0d-9f0e-46dd-96ec-5b87e1c80807 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@LM) ]Ɋ& !M)L F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=60ed94bf-c563-457a-b475-d5b3d07b1629 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e7e76e0d-9f0e-46dd-96ec-5b87e1c80807 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**M̸q  ]Ɋ& )!X̸q M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3cf57157-3b58-4606-90fc-15d8e30829bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**N̸q  ]Ɋ& A!X̸q N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3cf57157-3b58-4606-90fc-15d8e30829bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **O̸q  ]Ɋ& =!X̸q O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3cf57157-3b58-4606-90fc-15d8e30829bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **P̸q  ]Ɋ& 5!X̸q P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3cf57157-3b58-4606-90fc-15d8e30829bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Q̸q  ]Ɋ& 5!X̸q Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3cf57157-3b58-4606-90fc-15d8e30829bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **R̸q  ]Ɋ& 7!X̸q R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3cf57157-3b58-4606-90fc-15d8e30829bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0SbQr  ]Ɋ& !bQr S F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3cf57157-3b58-4606-90fc-15d8e30829bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eed03e82-71f6-45d9-bcaf-c23bbf7f4320 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@Ts  ]Ɋ& !s T F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3cf57157-3b58-4606-90fc-15d8e30829bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eed03e82-71f6-45d9-bcaf-c23bbf7f4320 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**XUs  ]Ɋ& !Xs U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=30cd929e-6720-41b3-bc6f-65adee756912 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**pVs  ]Ɋ& !Xs V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=30cd929e-6720-41b3-bc6f-65adee756912 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**hWs  ]Ɋ& !Xs W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=30cd929e-6720-41b3-bc6f-65adee756912 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`Xs  ]Ɋ& !Xs X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=30cd929e-6720-41b3-bc6f-65adee756912 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`Ys  ]Ɋ& !Xs Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=30cd929e-6720-41b3-bc6f-65adee756912 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hZs  ]Ɋ& !Xs Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=30cd929e-6720-41b3-bc6f-65adee756912 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**[s  ]Ɋ&  !s [ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=30cd929e-6720-41b3-bc6f-65adee756912 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=946ee512-fc3f-4abc-acec-fbd7c7b0061a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**\&t  ]Ɋ& !&t \ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=30cd929e-6720-41b3-bc6f-65adee756912 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=946ee512-fc3f-4abc-acec-fbd7c7b0061a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8]t  ]Ɋ& !Xt ] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=769d2bd6-a171-4b63-a28c-adfaf30d7d96 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**P^t  ]Ɋ& !Xt ^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=769d2bd6-a171-4b63-a28c-adfaf30d7d96 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**P_t  ]Ɋ& !Xt _ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=769d2bd6-a171-4b63-a28c-adfaf30d7d96 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**H`t  ]Ɋ& !Xt ` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=769d2bd6-a171-4b63-a28c-adfaf30d7d96 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**Hat  ]Ɋ& !Xt a F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=769d2bd6-a171-4b63-a28c-adfaf30d7d96 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fdfdH PipelineI ]Ɋ&  Xt b F&ElfChnkbbht~Mu=VysMc&&**Hbt  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! +!Xt b F&F%g>9{p(xlMD EventDatauoData !BinaryxVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=769d2bd6-a171-4b63-a28c-adfaf30d7d96 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**ct  ]Ɋ& !t c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=769d2bd6-a171-4b63-a28c-adfaf30d7d96 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=530b78f2-c7ae-4f5a-9560-afb933b07ae5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=$**dt  ]Ɋ& !t d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=769d2bd6-a171-4b63-a28c-adfaf30d7d96 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=530b78f2-c7ae-4f5a-9560-afb933b07ae5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xet  ]Ɋ& !Xt e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=814c2700-d58c-41b6-98cd-fbe4f7db632a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**pft  ]Ɋ& !Xt f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=814c2700-d58c-41b6-98cd-fbe4f7db632a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**hgt  ]Ɋ& !Xt g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=814c2700-d58c-41b6-98cd-fbe4f7db632a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`ht  ]Ɋ& !Xt h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=814c2700-d58c-41b6-98cd-fbe4f7db632a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`it  ]Ɋ& !Xt i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=814c2700-d58c-41b6-98cd-fbe4f7db632a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`jt  ]Ɋ& !Xt j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=814c2700-d58c-41b6-98cd-fbe4f7db632a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**kSLu  ]Ɋ& !SLu k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=814c2700-d58c-41b6-98cd-fbe4f7db632a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3e956fce-352e-4e98-93ce-ca484bb26cd4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**lSLu  ]Ɋ& !SLu l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=814c2700-d58c-41b6-98cd-fbe4f7db632a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3e956fce-352e-4e98-93ce-ca484bb26cd4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(mSLu  ]Ɋ& !XSLu m F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5e5c0b18-ebca-4c07-8ea6-616bc1bb03f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@nSLu  ]Ɋ& !XSLu n F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5e5c0b18-ebca-4c07-8ea6-616bc1bb03f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f@**@oSLu  ]Ɋ& !XSLu o F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5e5c0b18-ebca-4c07-8ea6-616bc1bb03f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8pSLu  ]Ɋ& !XSLu p F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5e5c0b18-ebca-4c07-8ea6-616bc1bb03f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8qSLu  ]Ɋ& !XSLu q F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5e5c0b18-ebca-4c07-8ea6-616bc1bb03f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==dd8**8rSLu  ]Ɋ& !XSLu r F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5e5c0b18-ebca-4c07-8ea6-616bc1bb03f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**sSLu  ]Ɋ& !SLu s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5e5c0b18-ebca-4c07-8ea6-616bc1bb03f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5980fc21-65fb-42f0-89cc-7f2255622bc9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**t}v  ]Ɋ& !}v t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5e5c0b18-ebca-4c07-8ea6-616bc1bb03f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5980fc21-65fb-42f0-89cc-7f2255622bc9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**Xuw  ]Ɋ& !Xw u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2f301b8e-272c-4740-9bc2-e272f1509b15 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**pvw  ]Ɋ& !Xw v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2f301b8e-272c-4740-9bc2-e272f1509b15 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**pww  ]Ɋ& !Xw w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2f301b8e-272c-4740-9bc2-e272f1509b15 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**hxw  ]Ɋ& !Xw x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2f301b8e-272c-4740-9bc2-e272f1509b15 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**hyw  ]Ɋ& !Xw y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2f301b8e-272c-4740-9bc2-e272f1509b15 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hzw  ]Ɋ& !Xw z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2f301b8e-272c-4740-9bc2-e272f1509b15 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**{w  ]Ɋ&  !w { F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2f301b8e-272c-4740-9bc2-e272f1509b15 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=34e306fd-9e90-4a3b-9576-b9bb8261cc2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|CGx  ]Ɋ& !CGx | F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2f301b8e-272c-4740-9bc2-e272f1509b15 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=34e306fd-9e90-4a3b-9576-b9bb8261cc2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **}x  ]Ɋ& '!Xx } F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=599f1adc-477d-459b-a5fd-f59437d5a092 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**~x  ]Ɋ& ?!Xx ~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=599f1adc-477d-459b-a5fd-f59437d5a092 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**x  ]Ɋ& ;!Xx  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=599f1adc-477d-459b-a5fd-f59437d5a092 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**x  ]Ɋ& 3!Xx  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=599f1adc-477d-459b-a5fd-f59437d5a092 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**x  ]Ɋ& 3!Xx  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=599f1adc-477d-459b-a5fd-f59437d5a092 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**x  ]Ɋ& 5!Xx  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=599f1adc-477d-459b-a5fd-f59437d5a092 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0x  ]Ɋ& !x  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=599f1adc-477d-459b-a5fd-f59437d5a092 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=41c7f246-c093-42f5-b8dc-635c5a1908fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@pxy  ]Ɋ& !pxy  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=599f1adc-477d-459b-a5fd-f59437d5a092 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=41c7f246-c093-42f5-b8dc-635c5a1908fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 @**o ]Ɋ& )!Xo F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=65dabf01-dafb-44a4-8f3a-03016b5bab83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uctS**o ]Ɋ& A!Xo F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=65dabf01-dafb-44a4-8f3a-03016b5bab83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=curi**o ]Ɋ& =!Xo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=65dabf01-dafb-44a4-8f3a-03016b5bab83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **o ]Ɋ& 5!Xo F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=65dabf01-dafb-44a4-8f3a-03016b5bab83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **o ]Ɋ& 5!Xo F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=65dabf01-dafb-44a4-8f3a-03016b5bab83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi**o ]Ɋ& 7!Xo F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=65dabf01-dafb-44a4-8f3a-03016b5bab83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0o ]Ɋ& !o F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=65dabf01-dafb-44a4-8f3a-03016b5bab83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a7371c2-a03e-42bc-9895-3dde2266ab5b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@5Mo ]Ɋ& !5Mo F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=65dabf01-dafb-44a4-8f3a-03016b5bab83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a7371c2-a03e-42bc-9895-3dde2266ab5b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xo ]Ɋ& !Xo F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6e8d7dc3-b7cb-4154-ae69-dbf15e42ba8a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**po ]Ɋ& !Xo F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6e8d7dc3-b7cb-4154-ae69-dbf15e42ba8a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**ho ]Ɋ& !Xo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6e8d7dc3-b7cb-4154-ae69-dbf15e42ba8a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`o ]Ɋ& !Xo F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6e8d7dc3-b7cb-4154-ae69-dbf15e42ba8a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`o ]Ɋ& !Xo F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6e8d7dc3-b7cb-4154-ae69-dbf15e42ba8a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**ho ]Ɋ& !Xo F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6e8d7dc3-b7cb-4154-ae69-dbf15e42ba8a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h ]Ɋ& Xt boElfChnkF[gNMu=VysMc&&**o ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !o F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6e8d7dc3-b7cb-4154-ae69-dbf15e42ba8a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1dede857-e5ae-4f9d-a825-fac6ae51362f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**o ]Ɋ& !o F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6e8d7dc3-b7cb-4154-ae69-dbf15e42ba8a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1dede857-e5ae-4f9d-a825-fac6ae51362f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8p ]Ɋ& !Xp F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c5430399-f38b-4546-88c5-9f50308bc469 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pp ]Ɋ& !Xp F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c5430399-f38b-4546-88c5-9f50308bc469 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**Pp ]Ɋ& !Xp F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c5430399-f38b-4546-88c5-9f50308bc469 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**P**Hp ]Ɋ& !Xp F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c5430399-f38b-4546-88c5-9f50308bc469 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**Hp ]Ɋ& !Xp F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c5430399-f38b-4546-88c5-9f50308bc469 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**Hp ]Ɋ& !Xp F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c5430399-f38b-4546-88c5-9f50308bc469 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**p ]Ɋ& !p F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c5430399-f38b-4546-88c5-9f50308bc469 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4acf4856-6e77-4879-ac62-ca89df3dab2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLi**p ]Ɋ& !p F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c5430399-f38b-4546-88c5-9f50308bc469 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4acf4856-6e77-4879-ac62-ca89df3dab2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**XCp ]Ɋ& !XCp F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=183e9ade-75de-4603-9829-7e4a3a45e6f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNamX**pCp ]Ɋ& !XCp F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=183e9ade-75de-4603-9829-7e4a3a45e6f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**hCp ]Ɋ& !XCp F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=183e9ade-75de-4603-9829-7e4a3a45e6f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**`Cp ]Ɋ& !XCp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=183e9ade-75de-4603-9829-7e4a3a45e6f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca`**`Cp ]Ɋ& !XCp F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=183e9ade-75de-4603-9829-7e4a3a45e6f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`Cp ]Ɋ& !XCp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=183e9ade-75de-4603-9829-7e4a3a45e6f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**Cp ]Ɋ& !Cp F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=183e9ade-75de-4603-9829-7e4a3a45e6f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dd05ac7a-70d6-42a7-98b4-203d981d38da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Cp ]Ɋ& !Cp F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=183e9ade-75de-4603-9829-7e4a3a45e6f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dd05ac7a-70d6-42a7-98b4-203d981d38da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(Cp ]Ɋ& !XCp F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a60b26a0-f353-4e14-b3a2-c2f9405d13cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f(**@Cp ]Ɋ& !XCp F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a60b26a0-f353-4e14-b3a2-c2f9405d13cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@Cp ]Ɋ& !XCp F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a60b26a0-f353-4e14-b3a2-c2f9405d13cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da@**8Cp ]Ɋ& !XCp F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a60b26a0-f353-4e14-b3a2-c2f9405d13cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on\8**8Cp ]Ɋ& !XCp F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a60b26a0-f353-4e14-b3a2-c2f9405d13cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver8**8Cp ]Ɋ& !XCp F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a60b26a0-f353-4e14-b3a2-c2f9405d13cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Cp ]Ɋ& !Cp F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a60b26a0-f353-4e14-b3a2-c2f9405d13cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3ffc6fee-2c5e-42b1-a408-fab6ddbb204a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri**Ctp ]Ɋ& !Ctp F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a60b26a0-f353-4e14-b3a2-c2f9405d13cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3ffc6fee-2c5e-42b1-a408-fab6ddbb204a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | O**X>p ]Ɋ& !X>p F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=13c7bd10-486f-46a4-bd06-f85357756013 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p>p ]Ɋ& !X>p F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=13c7bd10-486f-46a4-bd06-f85357756013 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**p>p ]Ɋ& !X>p F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=13c7bd10-486f-46a4-bd06-f85357756013 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fo]p**h>p ]Ɋ& !X>p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=13c7bd10-486f-46a4-bd06-f85357756013 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**h>p ]Ɋ& !X>p F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=13c7bd10-486f-46a4-bd06-f85357756013 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**h>p ]Ɋ& !X>p F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=13c7bd10-486f-46a4-bd06-f85357756013 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Coh**>p ]Ɋ&  !>p F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=13c7bd10-486f-46a4-bd06-f85357756013 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=585dd7e4-d705-4e7d-a49d-0a5063d7ad03 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**p ]Ɋ& !p F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=13c7bd10-486f-46a4-bd06-f85357756013 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=585dd7e4-d705-4e7d-a49d-0a5063d7ad03 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**p ]Ɋ& '!Xp F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e7f277bf-efd6-4fc3-bf35-293ccd9fc80f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**p ]Ɋ& ?!Xp F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e7f277bf-efd6-4fc3-bf35-293ccd9fc80f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**p ]Ɋ& ;!Xp F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e7f277bf-efd6-4fc3-bf35-293ccd9fc80f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as**p ]Ɋ& 3!Xp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e7f277bf-efd6-4fc3-bf35-293ccd9fc80f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ing**p ]Ɋ& 3!Xp F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e7f277bf-efd6-4fc3-bf35-293ccd9fc80f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art**p ]Ɋ& 5!Xp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e7f277bf-efd6-4fc3-bf35-293ccd9fc80f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=65**0p ]Ɋ& !p F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e7f277bf-efd6-4fc3-bf35-293ccd9fc80f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=dae2c6ea-38e5-471c-ac0d-8e711cf15b90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@p ]Ɋ& !p F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e7f277bf-efd6-4fc3-bf35-293ccd9fc80f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=dae2c6ea-38e5-471c-ac0d-8e711cf15b90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2bc-@**Ի ]Ɋ& )!XԻ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b8767f52-6486-4df4-adca-4f989a037a34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**Ի ]Ɋ& A!XԻ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b8767f52-6486-4df4-adca-4f989a037a34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**Ի ]Ɋ& =!XԻ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b8767f52-6486-4df4-adca-4f989a037a34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=54**Ի ]Ɋ& 5!XԻ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b8767f52-6486-4df4-adca-4f989a037a34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**Ի ]Ɋ& 5!XԻ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b8767f52-6486-4df4-adca-4f989a037a34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**Ի ]Ɋ& 7!XԻ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b8767f52-6486-4df4-adca-4f989a037a34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0?ջ ]Ɋ& !?ջ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b8767f52-6486-4df4-adca-4f989a037a34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=46f63722-4e08-4e44-bb31-6188ceb2eaf6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 Xt boElfChnkX}SMu=VysMc&&**@ֻ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!ֻ F&F%g>9{p(xlMD EventDatauoData !BinarypStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b8767f52-6486-4df4-adca-4f989a037a34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=46f63722-4e08-4e44-bb31-6188ceb2eaf6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xlֻ ]Ɋ& !Xlֻ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a4d9dec0-e90e-415b-8d62-996421bb658c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f9dX**plֻ ]Ɋ& !Xlֻ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a4d9dec0-e90e-415b-8d62-996421bb658c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linp**hlֻ ]Ɋ& !Xlֻ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a4d9dec0-e90e-415b-8d62-996421bb658c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`lֻ ]Ɋ& !Xlֻ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a4d9dec0-e90e-415b-8d62-996421bb658c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`lֻ ]Ɋ& !Xlֻ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a4d9dec0-e90e-415b-8d62-996421bb658c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**hlֻ ]Ɋ& !Xlֻ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a4d9dec0-e90e-415b-8d62-996421bb658c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**lֻ ]Ɋ&  !lֻ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a4d9dec0-e90e-415b-8d62-996421bb658c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ac6c3a89-b178-4763-b314-fca524dd7d96 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**lֻ ]Ɋ& !lֻ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a4d9dec0-e90e-415b-8d62-996421bb658c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ac6c3a89-b178-4763-b314-fca524dd7d96 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8lֻ ]Ɋ& !Xlֻ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1269c9d9-83b3-4e88-aeae-bf865b1c8809 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma8**Plֻ ]Ɋ& !Xlֻ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1269c9d9-83b3-4e88-aeae-bf865b1c8809 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**Plֻ ]Ɋ& !Xlֻ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1269c9d9-83b3-4e88-aeae-bf865b1c8809 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComP**Hlֻ ]Ɋ& !Xlֻ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1269c9d9-83b3-4e88-aeae-bf865b1c8809 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= H**Hlֻ ]Ɋ& !Xlֻ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1269c9d9-83b3-4e88-aeae-bf865b1c8809 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**Hlֻ ]Ɋ& !Xlֻ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1269c9d9-83b3-4e88-aeae-bf865b1c8809 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**lֻ ]Ɋ& !lֻ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1269c9d9-83b3-4e88-aeae-bf865b1c8809 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=00ef26bb-46de-4a3f-ab18-8d5519b14938 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sc**lֻ ]Ɋ& !lֻ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1269c9d9-83b3-4e88-aeae-bf865b1c8809 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=00ef26bb-46de-4a3f-ab18-8d5519b14938 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=y**XM׻ ]Ɋ& !XM׻ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=96de58b5-00ca-4890-ba4e-3cccf7cfe230 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-203X**pM׻ ]Ɋ& !XM׻ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=96de58b5-00ca-4890-ba4e-3cccf7cfe230 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**hM׻ ]Ɋ& !XM׻ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=96de58b5-00ca-4890-ba4e-3cccf7cfe230 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;eh**`M׻ ]Ɋ& !XM׻ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=96de58b5-00ca-4890-ba4e-3cccf7cfe230 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3-`**`M׻ ]Ɋ& !XM׻ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=96de58b5-00ca-4890-ba4e-3cccf7cfe230 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP`**`M׻ ]Ɋ& !XM׻ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=96de58b5-00ca-4890-ba4e-3cccf7cfe230 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**M׻ ]Ɋ& !M׻ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=96de58b5-00ca-4890-ba4e-3cccf7cfe230 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2d614b5d-e7d2-45ff-8a85-763019f11ded PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**M׻ ]Ɋ& !M׻ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=96de58b5-00ca-4890-ba4e-3cccf7cfe230 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2d614b5d-e7d2-45ff-8a85-763019f11ded PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(M׻ ]Ɋ& !XM׻ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9c5c61ba-34be-40a5-8bf2-96ae37783e45 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R(**@M׻ ]Ɋ& !XM׻ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9c5c61ba-34be-40a5-8bf2-96ae37783e45 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e@**@M׻ ]Ɋ& !XM׻ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9c5c61ba-34be-40a5-8bf2-96ae37783e45 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8M׻ ]Ɋ& !XM׻ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9c5c61ba-34be-40a5-8bf2-96ae37783e45 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TWA8**8M׻ ]Ɋ& !XM׻ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9c5c61ba-34be-40a5-8bf2-96ae37783e45 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=8**8M׻ ]Ɋ& !XM׻ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9c5c61ba-34be-40a5-8bf2-96ae37783e45 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**M׻ ]Ɋ& !M׻ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9c5c61ba-34be-40a5-8bf2-96ae37783e45 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f8692b57-eda8-4b8f-8382-3f4f80f51ab2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **/~ػ ]Ɋ& !/~ػ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9c5c61ba-34be-40a5-8bf2-96ae37783e45 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f8692b57-eda8-4b8f-8382-3f4f80f51ab2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ture**X yۻ ]Ɋ& !X yۻ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e5c82a0b-640a-4c8a-b0ed-b386a5d9d650 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**p yۻ ]Ɋ& !X yۻ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e5c82a0b-640a-4c8a-b0ed-b386a5d9d650 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**p yۻ ]Ɋ& !X yۻ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e5c82a0b-640a-4c8a-b0ed-b386a5d9d650 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, p**h yۻ ]Ɋ& !X yۻ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e5c82a0b-640a-4c8a-b0ed-b386a5d9d650 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en-h**h yۻ ]Ɋ& !X yۻ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e5c82a0b-640a-4c8a-b0ed-b386a5d9d650 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Deh**h yۻ ]Ɋ& !X yۻ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e5c82a0b-640a-4c8a-b0ed-b386a5d9d650 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amh** yۻ ]Ɋ&  ! yۻ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e5c82a0b-640a-4c8a-b0ed-b386a5d9d650 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a5192dda-70c4-45c1-a979-975aab7ef9fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ܻ ]Ɋ& !ܻ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e5c82a0b-640a-4c8a-b0ed-b386a5d9d650 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a5192dda-70c4-45c1-a979-975aab7ef9fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**zݻ ]Ɋ& '!Xzݻ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dddd91b6-d3c2-4402-ba7c-5575a065aa73 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**zݻ ]Ɋ& ?!Xzݻ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dddd91b6-d3c2-4402-ba7c-5575a065aa73 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**zݻ ]Ɋ& ;!Xzݻ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dddd91b6-d3c2-4402-ba7c-5575a065aa73 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**zݻ ]Ɋ& 3!Xzݻ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dddd91b6-d3c2-4402-ba7c-5575a065aa73 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pro**zݻ ]Ɋ& 3!Xzݻ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dddd91b6-d3c2-4402-ba7c-5575a065aa73 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**zݻ ]Ɋ& 5!Xzݻ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dddd91b6-d3c2-4402-ba7c-5575a065aa73 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0zݻ ]Ɋ& !zݻ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dddd91b6-d3c2-4402-ba7c-5575a065aa73 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1bb4a461-c300-47f1-a51c-bbcccc6c82b3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os ߻ F&on=4.0 HostId=b8767f52-6486-4df4-adca-4f989a037a34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=46f63722-4e08-4e44-bb31-6188ceb2eaf6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 Xt boElfChnk))`zEMu=VysMc&&**@ ߻ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !! ߻ F&F%g>9{p(xlMD EventDatauoData !BinarynStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dddd91b6-d3c2-4402-ba7c-5575a065aa73 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1bb4a461-c300-47f1-a51c-bbcccc6c82b3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@ **#0k ]Ɋ& !X#0k F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f445d99b-63b8-4911-8d57-aa52e206b9ef HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**#0k ]Ɋ& !X#0k F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f445d99b-63b8-4911-8d57-aa52e206b9ef HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**#0k ]Ɋ& !X#0k F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f445d99b-63b8-4911-8d57-aa52e206b9ef HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**#0k ]Ɋ&  !X#0k F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f445d99b-63b8-4911-8d57-aa52e206b9ef HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pi**#0k ]Ɋ&  !X#0k F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f445d99b-63b8-4911-8d57-aa52e206b9ef HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dis**#0k ]Ɋ&  !X#0k F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f445d99b-63b8-4911-8d57-aa52e206b9ef HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll**#0k ]Ɋ& ]!#0k F&:AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f445d99b-63b8-4911-8d57-aa52e206b9ef HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=4.0 RunspaceId=0d8f996e-9493-4303-9c53-264bbca03486 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=41**wGm ]Ɋ& i!wGm F&FStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f445d99b-63b8-4911-8d57-aa52e206b9ef HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=4.0 RunspaceId=0d8f996e-9493-4303-9c53-264bbca03486 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **2 ]Ɋ& )!X2 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9abdb686-b6c9-4f3f-8fac-fc49496eadf3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**2 ]Ɋ& A!X2 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9abdb686-b6c9-4f3f-8fac-fc49496eadf3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**2 ]Ɋ& =!X2 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9abdb686-b6c9-4f3f-8fac-fc49496eadf3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**2 ]Ɋ& 5!X2 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9abdb686-b6c9-4f3f-8fac-fc49496eadf3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eI**2 ]Ɋ& 5!X2 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9abdb686-b6c9-4f3f-8fac-fc49496eadf3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wi**2 ]Ɋ& 7!X2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9abdb686-b6c9-4f3f-8fac-fc49496eadf3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**02 ]Ɋ& !2 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9abdb686-b6c9-4f3f-8fac-fc49496eadf3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e660d576-8e08-459c-89a6-cd461ec0d9ba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=,0**@_? ]Ɋ& !_? F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9abdb686-b6c9-4f3f-8fac-fc49496eadf3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e660d576-8e08-459c-89a6-cd461ec0d9ba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ena@**X_? ]Ɋ& !X_? F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=42880da2-11bf-46d1-8f4c-dd319d656360 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll X**p_? ]Ɋ& !X_? F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=42880da2-11bf-46d1-8f4c-dd319d656360 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=pp**h_? ]Ɋ& !X_? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=42880da2-11bf-46d1-8f4c-dd319d656360 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ih**`_? ]Ɋ& !X_? F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=42880da2-11bf-46d1-8f4c-dd319d656360 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p`**` _? ]Ɋ& !X_?  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=42880da2-11bf-46d1-8f4c-dd319d656360 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p`**h _? ]Ɋ& !X_?  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=42880da2-11bf-46d1-8f4c-dd319d656360 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=licah** _? ]Ɋ&  !_?  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=42880da2-11bf-46d1-8f4c-dd319d656360 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=abdb0940-46e8-4d64-add1-151c20b41325 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e Ro** _? ]Ɋ& !_?  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=42880da2-11bf-46d1-8f4c-dd319d656360 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=abdb0940-46e8-4d64-add1-151c20b41325 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cl**8  ]Ɋ& !X  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5195361a-be9f-4d6a-a05c-768391dce5d2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iO8**P ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5195361a-be9f-4d6a-a05c-768391dce5d2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=78P**P ]Ɋ& !X F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5195361a-be9f-4d6a-a05c-768391dce5d2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=videP**H ]Ɋ& !X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5195361a-be9f-4d6a-a05c-768391dce5d2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H ]Ɋ& !X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5195361a-be9f-4d6a-a05c-768391dce5d2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== H**H ]Ɋ& !X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5195361a-be9f-4d6a-a05c-768391dce5d2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=turH** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5195361a-be9f-4d6a-a05c-768391dce5d2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d762ee6-9581-46fe-9318-7903d788c2cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5195361a-be9f-4d6a-a05c-768391dce5d2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d762ee6-9581-46fe-9318-7903d788c2cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ecdbb09d-ce34-469e-954b-2eecc9e35253 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==13 X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ecdbb09d-ce34-469e-954b-2eecc9e35253 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ecdbb09d-ce34-469e-954b-2eecc9e35253 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4fh**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ecdbb09d-ce34-469e-954b-2eecc9e35253 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ecdbb09d-ce34-469e-954b-2eecc9e35253 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me`**` ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ecdbb09d-ce34-469e-954b-2eecc9e35253 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C`** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ecdbb09d-ce34-469e-954b-2eecc9e35253 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1a51dcca-1ca7-4803-b629-8554133feee6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**p ]Ɋ& !p F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ecdbb09d-ce34-469e-954b-2eecc9e35253 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1a51dcca-1ca7-4803-b629-8554133feee6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=; g**(p ]Ɋ& !Xp F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6482d793-4e32-4890-af19-c66ca4079582 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d(**@p ]Ɋ& !Xp F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6482d793-4e32-4890-af19-c66ca4079582 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@p ]Ɋ& !Xp F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6482d793-4e32-4890-af19-c66ca4079582 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idt@**8 p ]Ɋ& !Xp  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6482d793-4e32-4890-af19-c66ca4079582 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eTi8**8!p ]Ɋ& !Xp! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6482d793-4e32-4890-af19-c66ca4079582 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=OFT8**8"p ]Ɋ& !Xp" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6482d793-4e32-4890-af19-c66ca4079582 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de8**#p ]Ɋ& !p# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6482d793-4e32-4890-af19-c66ca4079582 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5b31b775-e9cc-4386-ad74-d0531bc2fb09 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en**$"  ]Ɋ& !" $ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6482d793-4e32-4890-af19-c66ca4079582 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5b31b775-e9cc-4386-ad74-d0531bc2fb09 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**X%O: ]Ɋ& !XO:% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bee30316-332a-47d2-b346-4eef103d49f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rX**p&O: ]Ɋ& !XO:& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bee30316-332a-47d2-b346-4eef103d49f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**p'O: ]Ɋ& !XO:' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bee30316-332a-47d2-b346-4eef103d49f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=75ap**h(O: ]Ɋ& !XO:( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bee30316-332a-47d2-b346-4eef103d49f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ix h**h)O: ]Ɋ& !XO:) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bee30316-332a-47d2-b346-4eef103d49f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipthme= Comman ]Ɋ& Xt XO:ElfChnk*\*\HAnƒ='Mu=VysMc&&**p *O: ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!XO:* F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bee30316-332a-47d2-b346-4eef103d49f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p **+O: ]Ɋ&  !O:+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bee30316-332a-47d2-b346-4eef103d49f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ba731383-dba9-41be-841b-3c4a6564e14c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**, ]Ɋ& !, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bee30316-332a-47d2-b346-4eef103d49f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ba731383-dba9-41be-841b-3c4a6564e14c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Powe**- ]Ɋ& '!X- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=236c79b0-1058-4f21-b7e1-508fdcc21d1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **. ]Ɋ& ?!X. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=236c79b0-1058-4f21-b7e1-508fdcc21d1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9**/ ]Ɋ& ;!X/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=236c79b0-1058-4f21-b7e1-508fdcc21d1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**0 ]Ɋ& 3!X0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=236c79b0-1058-4f21-b7e1-508fdcc21d1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **1 ]Ɋ& 3!X1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=236c79b0-1058-4f21-b7e1-508fdcc21d1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**2 ]Ɋ& 5!X2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=236c79b0-1058-4f21-b7e1-508fdcc21d1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**03 ]Ɋ& !3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=236c79b0-1058-4f21-b7e1-508fdcc21d1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c84e0a30-b954-4bb2-854e-dc4feca90d59 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@4 ]Ɋ& !4 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=236c79b0-1058-4f21-b7e1-508fdcc21d1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c84e0a30-b954-4bb2-854e-dc4feca90d59 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-cd4@**51~ ]Ɋ& )!X1~5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=95584214-55af-4c09-a617-0f6d8179cba8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**61~ ]Ɋ& A!X1~6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=95584214-55af-4c09-a617-0f6d8179cba8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**71~ ]Ɋ& =!X1~7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=95584214-55af-4c09-a617-0f6d8179cba8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dd**81~ ]Ɋ& 5!X1~8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=95584214-55af-4c09-a617-0f6d8179cba8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**91~ ]Ɋ& 5!X1~9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=95584214-55af-4c09-a617-0f6d8179cba8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**:1~ ]Ɋ& 7!X1~: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=95584214-55af-4c09-a617-0f6d8179cba8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_**0;1~ ]Ɋ& !1~; F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=95584214-55af-4c09-a617-0f6d8179cba8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0934ee60-fa92-435e-a972-65a8564a94d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@<@b ]Ɋ& !@b< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=95584214-55af-4c09-a617-0f6d8179cba8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0934ee60-fa92-435e-a972-65a8564a94d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**X=@b ]Ɋ& !X@b= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f0f1b76c-08a0-4a9c-bc4f-33c44121be82 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**p>@b ]Ɋ& !X@b> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f0f1b76c-08a0-4a9c-bc4f-33c44121be82 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h?@b ]Ɋ& !X@b? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f0f1b76c-08a0-4a9c-bc4f-33c44121be82 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`@@b ]Ɋ& !X@b@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f0f1b76c-08a0-4a9c-bc4f-33c44121be82 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`A@b ]Ɋ& !X@bA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f0f1b76c-08a0-4a9c-bc4f-33c44121be82 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**hB@b ]Ɋ& !X@bB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f0f1b76c-08a0-4a9c-bc4f-33c44121be82 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**C@b ]Ɋ&  !@bC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f0f1b76c-08a0-4a9c-bc4f-33c44121be82 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c9330e73-174b-48b1-a048-3835459c97ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!**D@b ]Ɋ& !@bD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f0f1b76c-08a0-4a9c-bc4f-33c44121be82 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c9330e73-174b-48b1-a048-3835459c97ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8E ]Ɋ& !XE F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a034f333-0584-494d-9a1c-6893b7d742ae HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PF ]Ɋ& !XF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a034f333-0584-494d-9a1c-6893b7d742ae HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PG ]Ɋ& !XG F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a034f333-0584-494d-9a1c-6893b7d742ae HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HH ]Ɋ& !XH F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a034f333-0584-494d-9a1c-6893b7d742ae HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=H**HI ]Ɋ& !XI F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a034f333-0584-494d-9a1c-6893b7d742ae HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**HJ ]Ɋ& !XJ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a034f333-0584-494d-9a1c-6893b7d742ae HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**K ]Ɋ& !K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a034f333-0584-494d-9a1c-6893b7d742ae HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d2043d69-96df-4545-b73a-28e6f793b8ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**L ]Ɋ& !L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a034f333-0584-494d-9a1c-6893b7d742ae HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d2043d69-96df-4545-b73a-28e6f793b8ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**XM ]Ɋ& !XM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=688b42f3-c8b4-4def-825a-de1c7c2f4146 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**pN ]Ɋ& !XN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=688b42f3-c8b4-4def-825a-de1c7c2f4146 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**hO ]Ɋ& !XO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=688b42f3-c8b4-4def-825a-de1c7c2f4146 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`P ]Ɋ& !XP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=688b42f3-c8b4-4def-825a-de1c7c2f4146 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`Q ]Ɋ& !XQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=688b42f3-c8b4-4def-825a-de1c7c2f4146 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`R ]Ɋ& !XR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=688b42f3-c8b4-4def-825a-de1c7c2f4146 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**S ]Ɋ& !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=688b42f3-c8b4-4def-825a-de1c7c2f4146 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=658a80f5-51a3-4112-8a2c-a1af4f0d4562 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**T ]Ɋ& !T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=688b42f3-c8b4-4def-825a-de1c7c2f4146 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=658a80f5-51a3-4112-8a2c-a1af4f0d4562 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(Um ]Ɋ& !XmU F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ceae64ab-d821-410e-9973-359a68bdfdbf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b(**@Vm ]Ɋ& !XmV F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ceae64ab-d821-410e-9973-359a68bdfdbf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@Wm ]Ɋ& !XmW F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ceae64ab-d821-410e-9973-359a68bdfdbf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8Xm ]Ɋ& !XmX F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ceae64ab-d821-410e-9973-359a68bdfdbf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8Ym ]Ɋ& !XmY F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ceae64ab-d821-410e-9973-359a68bdfdbf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8Zm ]Ɋ& !XmZ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ceae64ab-d821-410e-9973-359a68bdfdbf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**[m ]Ɋ& !m[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ceae64ab-d821-410e-9973-359a68bdfdbf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=11e34f00-ce78-40f6-894b-a455ef8d9946 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **\, ]Ɋ& !,\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ceae64ab-d821-410e-9973-359a68bdfdbf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=11e34f00-ce78-40f6-894b-a455ef8d9946 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin-width 65535 ]Ɋ&  CX0]] F&ScriptName= CommandPath= CommandLine=ipthme= Comman ]Ɋ& Xt XO:ElfChnk]]Hx`~Mu=VysMc&&**` ]0] ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ?!X0]] F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a7c1dab7-0d42-4909-a294-5ca7bfaf056e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne` **p^0] ]Ɋ& !X0]^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a7c1dab7-0d42-4909-a294-5ca7bfaf056e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p_0] ]Ɋ& !X0]_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a7c1dab7-0d42-4909-a294-5ca7bfaf056e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pelp**h`0] ]Ɋ& !X0]` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a7c1dab7-0d42-4909-a294-5ca7bfaf056e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**ha0] ]Ɋ& !X0]a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a7c1dab7-0d42-4909-a294-5ca7bfaf056e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hb0] ]Ɋ& !X0]b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a7c1dab7-0d42-4909-a294-5ca7bfaf056e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**c0] ]Ɋ&  !0]c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a7c1dab7-0d42-4909-a294-5ca7bfaf056e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=82f6ae17-a5ea-4bfd-8bc3-af112a445971 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**d ]Ɋ& !d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a7c1dab7-0d42-4909-a294-5ca7bfaf056e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=82f6ae17-a5ea-4bfd-8bc3-af112a445971 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**e ]Ɋ& '!Xe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bdd6b88d-c86b-4b58-8a9e-b08402142198 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**f ]Ɋ& ?!Xf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bdd6b88d-c86b-4b58-8a9e-b08402142198 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**g ]Ɋ& ;!Xg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bdd6b88d-c86b-4b58-8a9e-b08402142198 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9-a**h ]Ɋ& 3!Xh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bdd6b88d-c86b-4b58-8a9e-b08402142198 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7**i ]Ɋ& 3!Xi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bdd6b88d-c86b-4b58-8a9e-b08402142198 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a61**j ]Ɋ& 5!Xj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bdd6b88d-c86b-4b58-8a9e-b08402142198 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**0k ]Ɋ& !k F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bdd6b88d-c86b-4b58-8a9e-b08402142198 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e1c92bb6-5309-44df-94a0-e70a9ca19a63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ir0**@l& ]Ɋ& !&l F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bdd6b88d-c86b-4b58-8a9e-b08402142198 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e1c92bb6-5309-44df-94a0-e70a9ca19a63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**m;ָ ]Ɋ& )!X;ָm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=83a6b043-d44e-4fc2-913e-d8668a715b51 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**n;ָ ]Ɋ& A!X;ָn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=83a6b043-d44e-4fc2-913e-d8668a715b51 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **o;ָ ]Ɋ& =!X;ָo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=83a6b043-d44e-4fc2-913e-d8668a715b51 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uc**p;ָ ]Ɋ& 5!X;ָp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=83a6b043-d44e-4fc2-913e-d8668a715b51 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cu**q;ָ ]Ɋ& 5!X;ָq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=83a6b043-d44e-4fc2-913e-d8668a715b51 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **r;ָ ]Ɋ& 7!X;ָr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=83a6b043-d44e-4fc2-913e-d8668a715b51 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0s;ָ ]Ɋ& !;ָs F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=83a6b043-d44e-4fc2-913e-d8668a715b51 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0b0c83f2-a3a1-4ba4-ad95-c95457935ae8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r0**@tDָ ]Ɋ& !Dָt F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=83a6b043-d44e-4fc2-913e-d8668a715b51 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0b0c83f2-a3a1-4ba4-ad95-c95457935ae8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi@**Xuhݪָ ]Ɋ& !Xhݪָu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2a55d419-1574-44e1-8fab-552d9e4e1118 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pvhݪָ ]Ɋ& !Xhݪָv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2a55d419-1574-44e1-8fab-552d9e4e1118 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Enp**hwhݪָ ]Ɋ& !Xhݪָw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2a55d419-1574-44e1-8fab-552d9e4e1118 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`xhݪָ ]Ɋ& !Xhݪָx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2a55d419-1574-44e1-8fab-552d9e4e1118 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v`**`yhݪָ ]Ɋ& !Xhݪָy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2a55d419-1574-44e1-8fab-552d9e4e1118 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g`**hzhݪָ ]Ɋ& !Xhݪָz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2a55d419-1574-44e1-8fab-552d9e4e1118 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovih**{hݪָ ]Ɋ&  !hݪָ{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2a55d419-1574-44e1-8fab-552d9e4e1118 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c2b70dc7-871f-4790-b667-a945eb2fed99 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**|hݪָ ]Ɋ& !hݪָ| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2a55d419-1574-44e1-8fab-552d9e4e1118 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c2b70dc7-871f-4790-b667-a945eb2fed99 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os**8},ָ ]Ɋ& !X,ָ} F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=72bd1490-6d30-49d2-92fa-952382782e5f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eN8**P~,ָ ]Ɋ& !X,ָ~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=72bd1490-6d30-49d2-92fa-952382782e5f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtP**P,ָ ]Ɋ& !X,ָ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=72bd1490-6d30-49d2-92fa-952382782e5f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=roviP**H,ָ ]Ɋ& !X,ָ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=72bd1490-6d30-49d2-92fa-952382782e5f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ctioH**H,ָ ]Ɋ& !X,ָ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=72bd1490-6d30-49d2-92fa-952382782e5f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iderH**H,ָ ]Ɋ& !X,ָ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=72bd1490-6d30-49d2-92fa-952382782e5f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artH**?ָ ]Ɋ& !?ָ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=72bd1490-6d30-49d2-92fa-952382782e5f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=33f5042f-c526-41a8-9f95-c676fe9b1df3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **?ָ ]Ɋ& !?ָ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=72bd1490-6d30-49d2-92fa-952382782e5f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=33f5042f-c526-41a8-9f95-c676fe9b1df3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**X?ָ ]Ɋ& !X?ָ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ef274eb9-cdb1-4a91-ac74-79412aee1bf3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=UX**p?ָ ]Ɋ& !X?ָ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ef274eb9-cdb1-4a91-ac74-79412aee1bf3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommap**h?ָ ]Ɋ& !X?ָ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ef274eb9-cdb1-4a91-ac74-79412aee1bf3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**`?ָ ]Ɋ& !X?ָ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ef274eb9-cdb1-4a91-ac74-79412aee1bf3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m.`**`?ָ ]Ɋ& !X?ָ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ef274eb9-cdb1-4a91-ac74-79412aee1bf3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`?ָ ]Ɋ& !X?ָ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ef274eb9-cdb1-4a91-ac74-79412aee1bf3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**?ָ ]Ɋ& !?ָ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ef274eb9-cdb1-4a91-ac74-79412aee1bf3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=46781aad-ad2a-459c-9f78-c92d8381e10c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**?ָ ]Ɋ& !?ָ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ef274eb9-cdb1-4a91-ac74-79412aee1bf3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=46781aad-ad2a-459c-9f78-c92d8381e10c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(Yحָ ]Ɋ& !XYحָ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9d6a9a4f-c820-4230-aee1-7eba0f34da4f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@Yحָ ]Ɋ& !XYحָ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9d6a9a4f-c820-4230-aee1-7eba0f34da4f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@-width 65535 ]Ɋ&  CXYحָ F&ScriptName= CommandPath= CommandLine=ipthme= Comman ]Ɋ& Xt XO:ElfChnkP~}ǵMu=VysMc&&**@ Yحָ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!XYحָ F&F%g>9{p(xlMD EventDatauoData !BinarypFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9d6a9a4f-c820-4230-aee1-7eba0f34da4f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@ **8Yحָ ]Ɋ& !XYحָ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9d6a9a4f-c820-4230-aee1-7eba0f34da4f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=llD8**8Yحָ ]Ɋ& !XYحָ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9d6a9a4f-c820-4230-aee1-7eba0f34da4f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8Yحָ ]Ɋ& !XYحָ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9d6a9a4f-c820-4230-aee1-7eba0f34da4f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**Yحָ ]Ɋ& !Yحָ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9d6a9a4f-c820-4230-aee1-7eba0f34da4f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d48e6072-24bd-411d-a5b2-4d20eeef12bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Re**pָ ]Ɋ& !pָ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9d6a9a4f-c820-4230-aee1-7eba0f34da4f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d48e6072-24bd-411d-a5b2-4d20eeef12bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**Xָ ]Ɋ& !Xָ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d236b7d-445e-4725-9af8-ff0e00f6fd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nX**pָ ]Ɋ& !Xָ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d236b7d-445e-4725-9af8-ff0e00f6fd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pָ ]Ɋ& !Xָ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d236b7d-445e-4725-9af8-ff0e00f6fd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pp**hָ ]Ɋ& !Xָ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d236b7d-445e-4725-9af8-ff0e00f6fd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ch**hָ ]Ɋ& !Xָ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d236b7d-445e-4725-9af8-ff0e00f6fd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hָ ]Ɋ& !Xָ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d236b7d-445e-4725-9af8-ff0e00f6fd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**ָ ]Ɋ&  !ָ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d236b7d-445e-4725-9af8-ff0e00f6fd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=75c183db-87c3-44cb-bb87-c6b586f7acdf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**:ָ ]Ɋ& !:ָ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d236b7d-445e-4725-9af8-ff0e00f6fd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=75c183db-87c3-44cb-bb87-c6b586f7acdf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ix -**:ָ ]Ɋ& '!X:ָ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cf9314cf-cc8b-491d-87dc-12632e5bcbc4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**:ָ ]Ɋ& ?!X:ָ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cf9314cf-cc8b-491d-87dc-12632e5bcbc4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**:ָ ]Ɋ& ;!X:ָ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cf9314cf-cc8b-491d-87dc-12632e5bcbc4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4f**:ָ ]Ɋ& 3!X:ָ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cf9314cf-cc8b-491d-87dc-12632e5bcbc4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****:ָ ]Ɋ& 3!X:ָ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cf9314cf-cc8b-491d-87dc-12632e5bcbc4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fc2**:ָ ]Ɋ& 5!X:ָ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cf9314cf-cc8b-491d-87dc-12632e5bcbc4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0:ָ ]Ɋ& !:ָ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cf9314cf-cc8b-491d-87dc-12632e5bcbc4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=348688a3-11a6-4732-af86-1e302268c82a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne0**@kָ ]Ɋ& !kָ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cf9314cf-cc8b-491d-87dc-12632e5bcbc4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=348688a3-11a6-4732-af86-1e302268c82a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**zr9 ]Ɋ& )!Xzr9 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d3a4b60c-3655-4a8e-afce-601deef0de6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**zr9 ]Ɋ& A!Xzr9 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d3a4b60c-3655-4a8e-afce-601deef0de6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId**zr9 ]Ɋ& =!Xzr9 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d3a4b60c-3655-4a8e-afce-601deef0de6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**zr9 ]Ɋ& 5!Xzr9 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d3a4b60c-3655-4a8e-afce-601deef0de6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/**zr9 ]Ɋ& 5!Xzr9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d3a4b60c-3655-4a8e-afce-601deef0de6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=11**zr9 ]Ɋ& 7!Xzr9 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d3a4b60c-3655-4a8e-afce-601deef0de6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**0zr9 ]Ɋ& !zr9 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d3a4b60c-3655-4a8e-afce-601deef0de6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f54f58d-5091-4e92-ba57-4fcc5fd5fbc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@9 ]Ɋ& !9 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d3a4b60c-3655-4a8e-afce-601deef0de6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f54f58d-5091-4e92-ba57-4fcc5fd5fbc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=New@**X9 ]Ɋ& !X9 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f0018283-a6f1-478a-96a4-de35cb7e15b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p9 ]Ɋ& !X9 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f0018283-a6f1-478a-96a4-de35cb7e15b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h9 ]Ɋ& !X9 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f0018283-a6f1-478a-96a4-de35cb7e15b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mh**`9 ]Ɋ& !X9 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f0018283-a6f1-478a-96a4-de35cb7e15b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`9 ]Ɋ& !X9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f0018283-a6f1-478a-96a4-de35cb7e15b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**h9 ]Ɋ& !X9 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f0018283-a6f1-478a-96a4-de35cb7e15b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPh**9 ]Ɋ&  !9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f0018283-a6f1-478a-96a4-de35cb7e15b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=de6e0914-7f5f-4f4f-9fac-7f87347402a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**9 ]Ɋ& !9 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f0018283-a6f1-478a-96a4-de35cb7e15b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=de6e0914-7f5f-4f4f-9fac-7f87347402a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8><9 ]Ɋ& !X><9 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6d9078b7-7758-40cd-8ea0-35b01842751e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ue8**P><9 ]Ɋ& !X><9 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6d9078b7-7758-40cd-8ea0-35b01842751e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==SP**P><9 ]Ɋ& !X><9 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6d9078b7-7758-40cd-8ea0-35b01842751e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPP**H><9 ]Ɋ& !X><9 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6d9078b7-7758-40cd-8ea0-35b01842751e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==FunH**H><9 ]Ɋ& !X><9 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6d9078b7-7758-40cd-8ea0-35b01842751e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProvH**H><9 ]Ɋ& !X><9 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6d9078b7-7758-40cd-8ea0-35b01842751e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eSH**><9 ]Ɋ& !><9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6d9078b7-7758-40cd-8ea0-35b01842751e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4e41137-f62e-46cf-bb1a-292503fccf8c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**><9 ]Ɋ& !><9 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6d9078b7-7758-40cd-8ea0-35b01842751e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4e41137-f62e-46cf-bb1a-292503fccf8c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**X><9 ]Ɋ& !X><9 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ddaf5089-f23e-4fd0-9b3a-6210130aad5f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ָX**p><9 ]Ɋ& !X><9 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ddaf5089-f23e-4fd0-9b3a-6210130aad5f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**h><9 ]Ɋ& !X><9 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ddaf5089-f23e-4fd0-9b3a-6210130aad5f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 h EngineVersi ]Ɋ&  X><9 F&CommandPath= CommandLine=n@-width 65535 ]Ɋ&  CXYحָ F&ScriptName= CommandPath= CommandLine=ipthme= Comman ]Ɋ& Xt XO:ElfChnkXq5LMu=VysMc&&**h><9 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!X><9 F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ddaf5089-f23e-4fd0-9b3a-6210130aad5f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sioh**`><9 ]Ɋ& !X><9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ddaf5089-f23e-4fd0-9b3a-6210130aad5f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cu`**`><9 ]Ɋ& !X><9 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ddaf5089-f23e-4fd0-9b3a-6210130aad5f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@`**><9 ]Ɋ& !><9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ddaf5089-f23e-4fd0-9b3a-6210130aad5f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fea8f09-bfcc-4049-bcf5-a62b1ddae0fe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **><9 ]Ɋ& !><9 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ddaf5089-f23e-4fd0-9b3a-6210130aad5f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fea8f09-bfcc-4049-bcf5-a62b1ddae0fe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**(Ծ9 ]Ɋ& !XԾ9 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=457cb2d8-19d5-4241-bb4e-bc555b530c04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@Ծ9 ]Ɋ& !XԾ9 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=457cb2d8-19d5-4241-bb4e-bc555b530c04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m@**@Ծ9 ]Ɋ& !XԾ9 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=457cb2d8-19d5-4241-bb4e-bc555b530c04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C@**8Ծ9 ]Ɋ& !XԾ9 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=457cb2d8-19d5-4241-bb4e-bc555b530c04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8Ծ9 ]Ɋ& !XԾ9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=457cb2d8-19d5-4241-bb4e-bc555b530c04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8Ծ9 ]Ɋ& !XԾ9 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=457cb2d8-19d5-4241-bb4e-bc555b530c04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE8**Ծ9 ]Ɋ& !Ծ9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=457cb2d8-19d5-4241-bb4e-bc555b530c04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7b56efe4-5b89-4282-b1c8-39ea82848162 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**km9 ]Ɋ& !km9 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=457cb2d8-19d5-4241-bb4e-bc555b530c04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7b56efe4-5b89-4282-b1c8-39ea82848162 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**X9 ]Ɋ& !X9 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0bad5ba2-6b40-4315-85a9-bf2def16e0e1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p9 ]Ɋ& !X9 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0bad5ba2-6b40-4315-85a9-bf2def16e0e1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**p9 ]Ɋ& !X9 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0bad5ba2-6b40-4315-85a9-bf2def16e0e1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h9 ]Ɋ& !X9 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0bad5ba2-6b40-4315-85a9-bf2def16e0e1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sth**h9 ]Ɋ& !X9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0bad5ba2-6b40-4315-85a9-bf2def16e0e1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Seqh**h9 ]Ɋ& !X9 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0bad5ba2-6b40-4315-85a9-bf2def16e0e1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cfh**9 ]Ɋ&  !9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0bad5ba2-6b40-4315-85a9-bf2def16e0e1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d4f5f062-09c4-4c61-ac06-84b5d3b6f1e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **.79 ]Ɋ& !.79 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0bad5ba2-6b40-4315-85a9-bf2def16e0e1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d4f5f062-09c4-4c61-ac06-84b5d3b6f1e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=base**.79 ]Ɋ& '!X.79 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=614159b5-b9cf-4d98-a144-dd3a90a032da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**.79 ]Ɋ& ?!X.79 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=614159b5-b9cf-4d98-a144-dd3a90a032da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B**.79 ]Ɋ& ;!X.79 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=614159b5-b9cf-4d98-a144-dd3a90a032da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eVe**.79 ]Ɋ& 3!X.79 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=614159b5-b9cf-4d98-a144-dd3a90a032da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=F**.79 ]Ɋ& 3!X.79 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=614159b5-b9cf-4d98-a144-dd3a90a032da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ers**.79 ]Ɋ& 5!X.79 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=614159b5-b9cf-4d98-a144-dd3a90a032da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**0.79 ]Ɋ& !.79 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=614159b5-b9cf-4d98-a144-dd3a90a032da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=6c58f890-b7e5-4ef4-85dc-bbcc12210a2d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5f0**@[h9 ]Ɋ& ![h9 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=614159b5-b9cf-4d98-a144-dd3a90a032da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=6c58f890-b7e5-4ef4-85dc-bbcc12210a2d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed @**zz ]Ɋ& )!Xzz F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a3c69c47-12eb-4d34-b472-82393c086188 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**zz ]Ɋ& A!Xzz F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a3c69c47-12eb-4d34-b472-82393c086188 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**zz ]Ɋ& =!Xzz F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a3c69c47-12eb-4d34-b472-82393c086188 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **zz ]Ɋ& 5!Xzz F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a3c69c47-12eb-4d34-b472-82393c086188 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**zz ]Ɋ& 5!Xzz F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a3c69c47-12eb-4d34-b472-82393c086188 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**zz ]Ɋ& 7!Xzz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a3c69c47-12eb-4d34-b472-82393c086188 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**0zz ]Ɋ& !zz F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a3c69c47-12eb-4d34-b472-82393c086188 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dfce821e-8224-4d8c-a87d-c120e44a56b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@>z ]Ɋ& !>z F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a3c69c47-12eb-4d34-b472-82393c086188 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dfce821e-8224-4d8c-a87d-c120e44a56b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==f0@**X݁z ]Ɋ& !X݁z F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f0e7357e-5c30-4288-a8d2-82e374640d2a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConX**p݁z ]Ɋ& !X݁z F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f0e7357e-5c30-4288-a8d2-82e374640d2a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVp**h݁z ]Ɋ& !X݁z F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f0e7357e-5c30-4288-a8d2-82e374640d2a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Hh**`݁z ]Ɋ& !X݁z F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f0e7357e-5c30-4288-a8d2-82e374640d2a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8`**`݁z ]Ɋ& !X݁z F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f0e7357e-5c30-4288-a8d2-82e374640d2a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d`**h݁z ]Ɋ& !X݁z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f0e7357e-5c30-4288-a8d2-82e374640d2a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8427h**݁z ]Ɋ&  !݁z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f0e7357e-5c30-4288-a8d2-82e374640d2a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1bc4d870-3f24-415f-b2ae-5e377b87411b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=us |**uz ]Ɋ& !uz F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f0e7357e-5c30-4288-a8d2-82e374640d2a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1bc4d870-3f24-415f-b2ae-5e377b87411b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sE**8uz ]Ɋ& !Xuz F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bbafcec5-9a0e-4737-8535-6f9b5c55ffd4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**Puz ]Ɋ& !Xuz F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bbafcec5-9a0e-4737-8535-6f9b5c55ffd4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liP**Puz ]Ɋ& !Xuz F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bbafcec5-9a0e-4737-8535-6f9b5c55ffd4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0aadP**Huz ]Ɋ& !Xuz F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bbafcec5-9a0e-4737-8535-6f9b5c55ffd4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Hpthme= Co ]Ɋ&  Xuz ElfChnk!!H:`"k]Mu=VysMc&&**Huz ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!Xuz F&F%g>9{p(xlMD EventDatauoData !BinaryvRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bbafcec5-9a0e-4737-8535-6f9b5c55ffd4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mH**Huz ]Ɋ& !Xuz F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bbafcec5-9a0e-4737-8535-6f9b5c55ffd4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**uz ]Ɋ& !uz F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bbafcec5-9a0e-4737-8535-6f9b5c55ffd4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a9723fe9-a87e-482d-b16d-8c7dafb12566 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**uz ]Ɋ& !uz F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bbafcec5-9a0e-4737-8535-6f9b5c55ffd4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a9723fe9-a87e-482d-b16d-8c7dafb12566 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**Xuz ]Ɋ& !Xuz F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e620bbae-5620-4fb0-bfe1-07415287196a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**puz ]Ɋ& !Xuz F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e620bbae-5620-4fb0-bfe1-07415287196a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**huz ]Ɋ& !Xuz F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e620bbae-5620-4fb0-bfe1-07415287196a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`uz ]Ɋ& !Xuz F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e620bbae-5620-4fb0-bfe1-07415287196a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`uz ]Ɋ& !Xuz F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e620bbae-5620-4fb0-bfe1-07415287196a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`uz ]Ɋ& !Xuz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e620bbae-5620-4fb0-bfe1-07415287196a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**/z ]Ɋ& !/z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e620bbae-5620-4fb0-bfe1-07415287196a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=63620c1f-fedc-4351-ba2b-d46c50ebc08e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**/z ]Ɋ& !/z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e620bbae-5620-4fb0-bfe1-07415287196a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=63620c1f-fedc-4351-ba2b-d46c50ebc08e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(/z ]Ɋ& !X/z F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b163aecf-3235-4154-933d-122d47a89195 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1(**@/z ]Ɋ& !X/z F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b163aecf-3235-4154-933d-122d47a89195 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@/z ]Ɋ& !X/z F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b163aecf-3235-4154-933d-122d47a89195 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8/z ]Ɋ& !X/z F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b163aecf-3235-4154-933d-122d47a89195 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8/z ]Ɋ& !X/z F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b163aecf-3235-4154-933d-122d47a89195 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8/z ]Ɋ& !X/z F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b163aecf-3235-4154-933d-122d47a89195 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**/z ]Ɋ& !/z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b163aecf-3235-4154-933d-122d47a89195 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=fcd4a7b3-6fdb-4e99-add0-9b6beada45c3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **\?z ]Ɋ& !\?z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b163aecf-3235-4154-933d-122d47a89195 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=fcd4a7b3-6fdb-4e99-add0-9b6beada45c3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**Xz ]Ɋ& !Xz F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=870d3a83-9675-4987-98ca-ea48e88b5f5e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pz ]Ɋ& !Xz F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=870d3a83-9675-4987-98ca-ea48e88b5f5e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pz ]Ɋ& !Xz F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=870d3a83-9675-4987-98ca-ea48e88b5f5e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**hz ]Ɋ& !Xz F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=870d3a83-9675-4987-98ca-ea48e88b5f5e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**h z ]Ɋ& !Xz  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=870d3a83-9675-4987-98ca-ea48e88b5f5e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**h z ]Ɋ& !Xz  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=870d3a83-9675-4987-98ca-ea48e88b5f5e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath** z ]Ɋ&  !z  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=870d3a83-9675-4987-98ca-ea48e88b5f5e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=af7ba3f0-bb84-4ccc-b6bd-44eff9289288 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** z ]Ɋ& !z  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=870d3a83-9675-4987-98ca-ea48e88b5f5e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=af7ba3f0-bb84-4ccc-b6bd-44eff9289288 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=** -0z ]Ɋ& '!X-0z  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=23391ffd-040d-43f6-8c84-9fffbfcb9626 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **-0z ]Ɋ& ?!X-0z F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=23391ffd-040d-43f6-8c84-9fffbfcb9626 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**-0z ]Ɋ& ;!X-0z F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=23391ffd-040d-43f6-8c84-9fffbfcb9626 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**-0z ]Ɋ& 3!X-0z F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=23391ffd-040d-43f6-8c84-9fffbfcb9626 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **-0z ]Ɋ& 3!X-0z F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=23391ffd-040d-43f6-8c84-9fffbfcb9626 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**-0z ]Ɋ& 5!X-0z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=23391ffd-040d-43f6-8c84-9fffbfcb9626 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0-0z ]Ɋ& !-0z F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=23391ffd-040d-43f6-8c84-9fffbfcb9626 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0950c547-54d6-45bf-871e-9ee51fa45767 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@Zaz ]Ɋ& !Zaz F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=23391ffd-040d-43f6-8c84-9fffbfcb9626 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0950c547-54d6-45bf-871e-9ee51fa45767 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-c12@***g׽ ]Ɋ& )!X*g׽ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=313e0fe2-e769-4c84-9313-8e3302c14783 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa***g׽ ]Ɋ& A!X*g׽ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=313e0fe2-e769-4c84-9313-8e3302c14783 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace***g׽ ]Ɋ& =!X*g׽ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=313e0fe2-e769-4c84-9313-8e3302c14783 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=82***g׽ ]Ɋ& 5!X*g׽ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=313e0fe2-e769-4c84-9313-8e3302c14783 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C***g׽ ]Ɋ& 5!X*g׽ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=313e0fe2-e769-4c84-9313-8e3302c14783 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr***g׽ ]Ɋ& 7!X*g׽ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=313e0fe2-e769-4c84-9313-8e3302c14783 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0*g׽ ]Ɋ& !*g׽ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=313e0fe2-e769-4c84-9313-8e3302c14783 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2690b915-90a0-41f5-8fbc-7886769fd0d7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@W׽ ]Ɋ& !W׽ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=313e0fe2-e769-4c84-9313-8e3302c14783 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2690b915-90a0-41f5-8fbc-7886769fd0d7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**XW׽ ]Ɋ& !XW׽ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c1f256ea-7301-44d7-b0ad-f57e49819445 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**pW׽ ]Ɋ& !XW׽ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c1f256ea-7301-44d7-b0ad-f57e49819445 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**hW׽ ]Ɋ& !XW׽ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c1f256ea-7301-44d7-b0ad-f57e49819445 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**` W׽ ]Ɋ& !XW׽  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c1f256ea-7301-44d7-b0ad-f57e49819445 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`!W׽ ]Ɋ& !XW׽! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c1f256ea-7301-44d7-b0ad-f57e49819445 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`=Hpth ]Ɋ& XW׽" F& ElfChnk"R"Rp%{q Mu=VysMc&&**h"W׽ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! I!XW׽" F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c1f256ea-7301-44d7-b0ad-f57e49819445 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**#W׽ ]Ɋ&  !W׽# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c1f256ea-7301-44d7-b0ad-f57e49819445 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ecc69b36-fe6d-49f1-b3bf-311e099dc339 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$0׽ ]Ɋ& !0׽$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c1f256ea-7301-44d7-b0ad-f57e49819445 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ecc69b36-fe6d-49f1-b3bf-311e099dc339 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8%0׽ ]Ɋ& !X0׽% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cd248124-4d8f-479e-b7fd-1050d94fe75a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P&0׽ ]Ɋ& !X0׽& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cd248124-4d8f-479e-b7fd-1050d94fe75a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P'0׽ ]Ɋ& !X0׽' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cd248124-4d8f-479e-b7fd-1050d94fe75a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&P**H(0׽ ]Ɋ& !X0׽( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cd248124-4d8f-479e-b7fd-1050d94fe75a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**H)0׽ ]Ɋ& !X0׽) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cd248124-4d8f-479e-b7fd-1050d94fe75a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLinH**H*0׽ ]Ɋ& !X0׽* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cd248124-4d8f-479e-b7fd-1050d94fe75a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= H**+0׽ ]Ɋ& !0׽+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cd248124-4d8f-479e-b7fd-1050d94fe75a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b36f5f57-900b-42ad-ae50-a1de804648b3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,0׽ ]Ɋ& !0׽, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cd248124-4d8f-479e-b7fd-1050d94fe75a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b36f5f57-900b-42ad-ae50-a1de804648b3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X-G׽ ]Ɋ& !XG׽- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b1737456-8079-480a-b813-d4acb5b7118f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TypeX**p.G׽ ]Ɋ& !XG׽. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b1737456-8079-480a-b813-d4acb5b7118f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| sep**h/G׽ ]Ɋ& !XG׽/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b1737456-8079-480a-b813-d4acb5b7118f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`0G׽ ]Ɋ& !XG׽0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b1737456-8079-480a-b813-d4acb5b7118f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l `**`1G׽ ]Ɋ& !XG׽1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b1737456-8079-480a-b813-d4acb5b7118f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na`**`2G׽ ]Ɋ& !XG׽2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b1737456-8079-480a-b813-d4acb5b7118f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**3G׽ ]Ɋ& !G׽3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b1737456-8079-480a-b813-d4acb5b7118f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e9a5543b-d8e1-45de-8c24-d09ad82a3da5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4G׽ ]Ɋ& !G׽4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b1737456-8079-480a-b813-d4acb5b7118f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e9a5543b-d8e1-45de-8c24-d09ad82a3da5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptN**(5+׽ ]Ɋ& !X+׽5 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8451ca2a-39d5-47b1-a67c-82140f8ca3d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p(**@6+׽ ]Ɋ& !X+׽6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8451ca2a-39d5-47b1-a67c-82140f8ca3d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**@7+׽ ]Ɋ& !X+׽7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8451ca2a-39d5-47b1-a67c-82140f8ca3d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e($@**88+׽ ]Ɋ& !X+׽8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8451ca2a-39d5-47b1-a67c-82140f8ca3d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**89+׽ ]Ɋ& !X+׽9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8451ca2a-39d5-47b1-a67c-82140f8ca3d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stI8**8:+׽ ]Ɋ& !X+׽: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8451ca2a-39d5-47b1-a67c-82140f8ca3d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**;+׽ ]Ɋ& !+׽; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8451ca2a-39d5-47b1-a67c-82140f8ca3d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=331cd39c-bb41-4464-888f-5081eba753ff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=an**< ]׽ ]Ɋ& ! ]׽< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8451ca2a-39d5-47b1-a67c-82140f8ca3d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=331cd39c-bb41-4464-888f-5081eba753ff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**X=&׽ ]Ɋ& !X&׽= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=89b0d2b3-7569-4cdb-8216-6d64c09ee700 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**p>&׽ ]Ɋ& !X&׽> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=89b0d2b3-7569-4cdb-8216-6d64c09ee700 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p?&׽ ]Ɋ& !X&׽? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=89b0d2b3-7569-4cdb-8216-6d64c09ee700 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nfop**h@&׽ ]Ɋ& !X&׽@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=89b0d2b3-7569-4cdb-8216-6d64c09ee700 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insh**hA&׽ ]Ɋ& !X&׽A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=89b0d2b3-7569-4cdb-8216-6d64c09ee700 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIdh**hB&׽ ]Ɋ& !X&׽B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=89b0d2b3-7569-4cdb-8216-6d64c09ee700 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omh**C&׽ ]Ɋ&  !&׽C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=89b0d2b3-7569-4cdb-8216-6d64c09ee700 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=854141a1-de25-49f1-a814-7d8a37884ea5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**De׽ ]Ɋ& !e׽D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=89b0d2b3-7569-4cdb-8216-6d64c09ee700 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=854141a1-de25-49f1-a814-7d8a37884ea5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oleH**E(׽ ]Ɋ& '!X(׽E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=52d7ce30-2929-40a5-8d2e-6112c4102a02 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**F(׽ ]Ɋ& ?!X(׽F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=52d7ce30-2929-40a5-8d2e-6112c4102a02 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**G(׽ ]Ɋ& ;!X(׽G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=52d7ce30-2929-40a5-8d2e-6112c4102a02 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**H(׽ ]Ɋ& 3!X(׽H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=52d7ce30-2929-40a5-8d2e-6112c4102a02 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **I(׽ ]Ɋ& 3!X(׽I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=52d7ce30-2929-40a5-8d2e-6112c4102a02 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame**J(׽ ]Ɋ& 5!X(׽J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=52d7ce30-2929-40a5-8d2e-6112c4102a02 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rs**0K(׽ ]Ɋ& !(׽K F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=52d7ce30-2929-40a5-8d2e-6112c4102a02 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=08faba14-391c-468a-b00f-c613cc57c4c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er0**@L!׽ ]Ɋ& !!׽L F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=52d7ce30-2929-40a5-8d2e-6112c4102a02 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=08faba14-391c-468a-b00f-c613cc57c4c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fd0d@**M3 ]Ɋ& )!X3M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=07254f8f-71b8-4c68-806f-0bde353d6016 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=prod**N3 ]Ɋ& A!X3N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=07254f8f-71b8-4c68-806f-0bde353d6016 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se**O3 ]Ɋ& =!X3O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=07254f8f-71b8-4c68-806f-0bde353d6016 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=94**P3 ]Ɋ& 5!X3P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=07254f8f-71b8-4c68-806f-0bde353d6016 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**Q3 ]Ɋ& 5!X3Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=07254f8f-71b8-4c68-806f-0bde353d6016 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**R3 ]Ɋ& 7!X3R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07254f8f-71b8-4c68-806f-0bde353d6016 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkSS9{p(xlMD EventDatauoData !BinarydAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=07254f8f-71b8-4c68-806f-0bde353d6016 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=53494960-1664-4a0f-89cf-ae37c841146e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP8**@T83 ]Ɋ& !83T F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=07254f8f-71b8-4c68-806f-0bde353d6016 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=53494960-1664-4a0f-89cf-ae37c841146e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI@**XUMѱ3 ]Ɋ& !XMѱ3U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2375ff81-e62d-4b56-ab6e-5afcd1d81139 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspX**pVMѱ3 ]Ɋ& !XMѱ3V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2375ff81-e62d-4b56-ab6e-5afcd1d81139 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**hWMѱ3 ]Ɋ& !XMѱ3W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2375ff81-e62d-4b56-ab6e-5afcd1d81139 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ih**`XMѱ3 ]Ɋ& !XMѱ3X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2375ff81-e62d-4b56-ab6e-5afcd1d81139 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l`**`YMѱ3 ]Ɋ& !XMѱ3Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2375ff81-e62d-4b56-ab6e-5afcd1d81139 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**hZMѱ3 ]Ɋ& !XMѱ3Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2375ff81-e62d-4b56-ab6e-5afcd1d81139 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Commh**[Mѱ3 ]Ɋ&  !Mѱ3[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2375ff81-e62d-4b56-ab6e-5afcd1d81139 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8ec3827e-85c9-4306-ad3b-baa74ee7b535 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**\Mѱ3 ]Ɋ& !Mѱ3\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2375ff81-e62d-4b56-ab6e-5afcd1d81139 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8ec3827e-85c9-4306-ad3b-baa74ee7b535 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8]Mѱ3 ]Ɋ& !XMѱ3] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=18a2c759-0524-4b8e-aff9-c7d4c63bc0f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me8**P^Mѱ3 ]Ɋ& !XMѱ3^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=18a2c759-0524-4b8e-aff9-c7d4c63bc0f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amP**P_Mѱ3 ]Ɋ& !XMѱ3_ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=18a2c759-0524-4b8e-aff9-c7d4c63bc0f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=andTP**H`Mѱ3 ]Ɋ& !XMѱ3` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=18a2c759-0524-4b8e-aff9-c7d4c63bc0f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaH**HaMѱ3 ]Ɋ& !XMѱ3a F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=18a2c759-0524-4b8e-aff9-c7d4c63bc0f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=elinH**HbMѱ3 ]Ɋ& !XMѱ3b F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=18a2c759-0524-4b8e-aff9-c7d4c63bc0f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIH**cMѱ3 ]Ɋ& !Mѱ3c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=18a2c759-0524-4b8e-aff9-c7d4c63bc0f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6b76e89-7b72-491e-9399-f507312f931e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndN**dMѱ3 ]Ɋ& !Mѱ3d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=18a2c759-0524-4b8e-aff9-c7d4c63bc0f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6b76e89-7b72-491e-9399-f507312f931e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Xei3 ]Ɋ& !Xi3e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7ac984d3-ac41-42ee-88d3-a0b279e8a11d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==e9aX**pfi3 ]Ɋ& !Xi3f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7ac984d3-ac41-42ee-88d3-a0b279e8a11d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**hgi3 ]Ɋ& !Xi3g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7ac984d3-ac41-42ee-88d3-a0b279e8a11d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=seh**`hi3 ]Ɋ& !Xi3h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7ac984d3-ac41-42ee-88d3-a0b279e8a11d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0`**`ii3 ]Ɋ& !Xi3i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7ac984d3-ac41-42ee-88d3-a0b279e8a11d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov`**`ji3 ]Ɋ& !Xi3j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7ac984d3-ac41-42ee-88d3-a0b279e8a11d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**ki3 ]Ɋ& !i3k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7ac984d3-ac41-42ee-88d3-a0b279e8a11d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=84420ef1-2aaa-4d92-83c7-493e6296d6e9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**li3 ]Ɋ& !i3l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7ac984d3-ac41-42ee-88d3-a0b279e8a11d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=84420ef1-2aaa-4d92-83c7-493e6296d6e9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ine**(m33 ]Ɋ& !X33m F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=52471512-f027-46d1-8794-d66bc917f9fc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@n33 ]Ɋ& !X33n F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=52471512-f027-46d1-8794-d66bc917f9fc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o@**@o33 ]Ɋ& !X33o F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=52471512-f027-46d1-8794-d66bc917f9fc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=spl@**8p33 ]Ɋ& !X33p F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=52471512-f027-46d1-8794-d66bc917f9fc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tur8**8q33 ]Ɋ& !X33q F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=52471512-f027-46d1-8794-d66bc917f9fc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta8**8r33 ]Ɋ& !X33r F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=52471512-f027-46d1-8794-d66bc917f9fc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**s33 ]Ɋ& !33s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=52471512-f027-46d1-8794-d66bc917f9fc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4d834de4-c984-4257-b3bb-77b8d1d4b30d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru**t=̴3 ]Ɋ& !=̴3t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=52471512-f027-46d1-8794-d66bc917f9fc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4d834de4-c984-4257-b3bb-77b8d1d4b30d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion.**Xu.Ƿ3 ]Ɋ& !X.Ƿ3u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c148086f-bd1a-4edf-8410-94c09e8c6d3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aX**pv.Ƿ3 ]Ɋ& !X.Ƿ3v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c148086f-bd1a-4edf-8410-94c09e8c6d3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=zp**pw.Ƿ3 ]Ɋ& !X.Ƿ3w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c148086f-bd1a-4edf-8410-94c09e8c6d3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tiep**hx.Ƿ3 ]Ɋ& !X.Ƿ3x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c148086f-bd1a-4edf-8410-94c09e8c6d3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInh**hy.Ƿ3 ]Ɋ& !X.Ƿ3y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c148086f-bd1a-4edf-8410-94c09e8c6d3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sorh**hz.Ƿ3 ]Ɋ& !X.Ƿ3z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c148086f-bd1a-4edf-8410-94c09e8c6d3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**{_3 ]Ɋ&  !_3{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c148086f-bd1a-4edf-8410-94c09e8c6d3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=331c9c81-7b28-4632-abed-3e24e3a3c067 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|[3 ]Ɋ& ![3| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c148086f-bd1a-4edf-8410-94c09e8c6d3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=331c9c81-7b28-4632-abed-3e24e3a3c067 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Var**}[3 ]Ɋ& '!X[3} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cadbb576-a666-4a8f-b546-ebd06cc3c63d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**~[3 ]Ɋ& ?!X[3~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cadbb576-a666-4a8f-b546-ebd06cc3c63d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**[3 ]Ɋ& ;!X[3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cadbb576-a666-4a8f-b546-ebd06cc3c63d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**[3 ]Ɋ& 3!X[3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cadbb576-a666-4a8f-b546-ebd06cc3c63d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wer**[3 ]Ɋ& 3!X[3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cadbb576-a666-4a8f-b546-ebd06cc3c63d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**[3 ]Ɋ& 5!X[3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cadbb576-a666-4a8f-b546-ebd06cc3c63d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-tFirewallPro ]Ɋ& 35[3 F&d= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**R3 ]Ɋ& 7!X3R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07254f8f-71b8-4c68-806f-0bde353d6016 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkHؿv&~Mu=VysMc&&**8 [3 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ![3 F&F%g>9{p(xlMD EventDatauoData !BinarybAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cadbb576-a666-4a8f-b546-ebd06cc3c63d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f90e4ae0-0d69-4607-8b86-4c517278fcef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f-78 **@)3 ]Ɋ& !)3 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cadbb576-a666-4a8f-b546-ebd06cc3c63d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f90e4ae0-0d69-4607-8b86-4c517278fcef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Scri@**@;D ]Ɋ& )!X@;D F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ce68b89f-d355-4a6c-85f5-35931569c3af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**@;D ]Ɋ& A!X@;D F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ce68b89f-d355-4a6c-85f5-35931569c3af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uct **@;D ]Ɋ& =!X@;D F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ce68b89f-d355-4a6c-85f5-35931569c3af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **@;D ]Ɋ& 5!X@;D F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ce68b89f-d355-4a6c-85f5-35931569c3af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=56**@;D ]Ɋ& 5!X@;D F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ce68b89f-d355-4a6c-85f5-35931569c3af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**@;D ]Ɋ& 7!X@;D F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ce68b89f-d355-4a6c-85f5-35931569c3af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0ӈD ]Ɋ& !ӈD F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ce68b89f-d355-4a6c-85f5-35931569c3af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c1318e97-23a8-4806-a4fd-e27713ddf72f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@mlD ]Ɋ& !mlD F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ce68b89f-d355-4a6c-85f5-35931569c3af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c1318e97-23a8-4806-a4fd-e27713ddf72f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Lin@**XmlD ]Ɋ& !XmlD F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e55ac770-f7c6-4465-a071-f5f9fa85271d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=^X**pmlD ]Ɋ& !XmlD F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e55ac770-f7c6-4465-a071-f5f9fa85271d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hmlD ]Ɋ& !XmlD F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e55ac770-f7c6-4465-a071-f5f9fa85271d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`mlD ]Ɋ& !XmlD F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e55ac770-f7c6-4465-a071-f5f9fa85271d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`mlD ]Ɋ& !XmlD F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e55ac770-f7c6-4465-a071-f5f9fa85271d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hmlD ]Ɋ& !XmlD F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e55ac770-f7c6-4465-a071-f5f9fa85271d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3h**D ]Ɋ&  !D F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e55ac770-f7c6-4465-a071-f5f9fa85271d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b604b58c-fce5-4046-99eb-bebb8006040b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**D ]Ɋ& !D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e55ac770-f7c6-4465-a071-f5f9fa85271d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b604b58c-fce5-4046-99eb-bebb8006040b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ar**8D ]Ɋ& !XD F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=33594393-366a-4eac-b737-bf705abe621d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PD ]Ɋ& !XD F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=33594393-366a-4eac-b737-bf705abe621d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PD ]Ɋ& !XD F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=33594393-366a-4eac-b737-bf705abe621d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!P**HD ]Ɋ& !XD F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=33594393-366a-4eac-b737-bf705abe621d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HD ]Ɋ& !XD F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=33594393-366a-4eac-b737-bf705abe621d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HD ]Ɋ& !XD F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=33594393-366a-4eac-b737-bf705abe621d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**D ]Ɋ& !D F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=33594393-366a-4eac-b737-bf705abe621d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7518eec4-d25f-4aa2-8061-f035d9487e12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**D ]Ɋ& !D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=33594393-366a-4eac-b737-bf705abe621d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7518eec4-d25f-4aa2-8061-f035d9487e12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**XD ]Ɋ& !XD F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a62c4940-e954-4d23-81e6-2cd7e1ddd32c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**pD ]Ɋ& !XD F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a62c4940-e954-4d23-81e6-2cd7e1ddd32c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureIp**hD ]Ɋ& !XD F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a62c4940-e954-4d23-81e6-2cd7e1ddd32c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`D ]Ɋ& !XD F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a62c4940-e954-4d23-81e6-2cd7e1ddd32c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=15`**`D ]Ɋ& !XD F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a62c4940-e954-4d23-81e6-2cd7e1ddd32c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr`**`D ]Ɋ& !XD F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a62c4940-e954-4d23-81e6-2cd7e1ddd32c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**D ]Ɋ& !D F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a62c4940-e954-4d23-81e6-2cd7e1ddd32c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f33dcd7c-70ea-4df0-abcf-45621486fcba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**D ]Ɋ& !D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a62c4940-e954-4d23-81e6-2cd7e1ddd32c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f33dcd7c-70ea-4df0-abcf-45621486fcba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= R**(D ]Ɋ& !XD F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dc585959-da5a-49b8-98e3-4764cb48ce01 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l(**@D ]Ɋ& !XD F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dc585959-da5a-49b8-98e3-4764cb48ce01 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p@**@D ]Ɋ& !XD F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dc585959-da5a-49b8-98e3-4764cb48ce01 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=KLM@**8D ]Ɋ& !XD F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dc585959-da5a-49b8-98e3-4764cb48ce01 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc8**8D ]Ɋ& !XD F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dc585959-da5a-49b8-98e3-4764cb48ce01 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8D ]Ɋ& !XD F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dc585959-da5a-49b8-98e3-4764cb48ce01 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=558**D ]Ɋ& !D F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dc585959-da5a-49b8-98e3-4764cb48ce01 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=dd2cd0f0-53d3-4d82-97b7-e038220c8887 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']**΋D ]Ɋ& !΋D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dc585959-da5a-49b8-98e3-4764cb48ce01 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=dd2cd0f0-53d3-4d82-97b7-e038220c8887 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNam**X]gD ]Ɋ& !X]gD F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c6907b43-45eb-43f9-bade-dbbbd4f63b8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=DX**p]gD ]Ɋ& !X]gD F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c6907b43-45eb-43f9-bade-dbbbd4f63b8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p]gD ]Ɋ& !X]gD F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c6907b43-45eb-43f9-bade-dbbbd4f63b8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n,Hp**h]gD ]Ɋ& !X]gD F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c6907b43-45eb-43f9-bade-dbbbd4f63b8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_.ph**h]gD ]Ɋ& !X]gD F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c6907b43-45eb-43f9-bade-dbbbd4f63b8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culh**h]gD ]Ɋ& !X]gD F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c6907b43-45eb-43f9-bade-dbbbd4f63b8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sh**]gD ]Ɋ&  !]gD F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c6907b43-45eb-43f9-bade-dbbbd4f63b8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0004bd1d-a1ac-4a8b-8cc8-3ae8bf108534 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**D ]Ɋ& !D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c6907b43-45eb-43f9-bade-dbbbd4f63b8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0004bd1d-a1ac-4a8b-8cc8-3ae8bf108534 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=35[3 ]Ɋ&  CXD F&ommandPath= CommandLine=wP**R3 ]Ɋ& 7!X3R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07254f8f-71b8-4c68-806f-0bde353d6016 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk(bG7 Mu=VysMc&&** D ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XD F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9e6c883d-8c01-43cd-82dc-176881f3c9da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **D ]Ɋ& ?!XD F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9e6c883d-8c01-43cd-82dc-176881f3c9da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**D ]Ɋ& ;!XD F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9e6c883d-8c01-43cd-82dc-176881f3c9da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **D ]Ɋ& 3!XD F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9e6c883d-8c01-43cd-82dc-176881f3c9da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**D ]Ɋ& 3!XD F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9e6c883d-8c01-43cd-82dc-176881f3c9da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**D ]Ɋ& 5!XD F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9e6c883d-8c01-43cd-82dc-176881f3c9da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**0D ]Ɋ& !D F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9e6c883d-8c01-43cd-82dc-176881f3c9da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1b3ad67b-3fcf-4b8c-a3b5-545870a269f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==10**@!1D ]Ɋ& !!1D F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9e6c883d-8c01-43cd-82dc-176881f3c9da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1b3ad67b-3fcf-4b8c-a3b5-545870a269f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= @**) ]Ɋ& )!X) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c9e94ee0-7610-4e63-baf9-5a6815eb3325 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**) ]Ɋ& A!X) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c9e94ee0-7610-4e63-baf9-5a6815eb3325 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsta**) ]Ɋ& =!X) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c9e94ee0-7610-4e63-baf9-5a6815eb3325 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=65**) ]Ɋ& 5!X) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c9e94ee0-7610-4e63-baf9-5a6815eb3325 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**) ]Ɋ& 5!X) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c9e94ee0-7610-4e63-baf9-5a6815eb3325 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**) ]Ɋ& 7!X) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c9e94ee0-7610-4e63-baf9-5a6815eb3325 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0) ]Ɋ& !) F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c9e94ee0-7610-4e63-baf9-5a6815eb3325 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=334793f2-7e5a-43f7-b18a-a28161b70342 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0**@([ ]Ɋ& !([ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c9e94ee0-7610-4e63-baf9-5a6815eb3325 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=334793f2-7e5a-43f7-b18a-a28161b70342 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**X([ ]Ɋ& !X([ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dcd44326-9670-414f-80d5-0f894f249518 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p([ ]Ɋ& !X([ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dcd44326-9670-414f-80d5-0f894f249518 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h([ ]Ɋ& !X([ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dcd44326-9670-414f-80d5-0f894f249518 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`([ ]Ɋ& !X([ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dcd44326-9670-414f-80d5-0f894f249518 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**`([ ]Ɋ& !X([ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dcd44326-9670-414f-80d5-0f894f249518 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h([ ]Ɋ& !X([ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dcd44326-9670-414f-80d5-0f894f249518 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**([ ]Ɋ&  !([ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dcd44326-9670-414f-80d5-0f894f249518 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=41cdab4c-a848-4c09-a812-b2c8c387a6a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**([ ]Ɋ& !([ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dcd44326-9670-414f-80d5-0f894f249518 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=41cdab4c-a848-4c09-a812-b2c8c387a6a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8([ ]Ɋ& !X([ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=04e44886-cb43-4c84-99d5-0cf9606d120a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P([ ]Ɋ& !X([ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=04e44886-cb43-4c84-99d5-0cf9606d120a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P([ ]Ɋ& !X([ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=04e44886-cb43-4c84-99d5-0cf9606d120a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stP**H([ ]Ɋ& !X([ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=04e44886-cb43-4c84-99d5-0cf9606d120a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**H([ ]Ɋ& !X([ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=04e44886-cb43-4c84-99d5-0cf9606d120a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**H([ ]Ɋ& !X([ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=04e44886-cb43-4c84-99d5-0cf9606d120a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ameH**([ ]Ɋ& !([ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=04e44886-cb43-4c84-99d5-0cf9606d120a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eae3a119-23df-4f78-8423-c3e222bb3671 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= ** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=04e44886-cb43-4c84-99d5-0cf9606d120a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eae3a119-23df-4f78-8423-c3e222bb3671 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=881e8b8b-665d-4490-8877-d9f18a4a4708 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=881e8b8b-665d-4490-8877-d9f18a4a4708 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=se.pp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=881e8b8b-665d-4490-8877-d9f18a4a4708 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cah**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=881e8b8b-665d-4490-8877-d9f18a4a4708 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=881e8b8b-665d-4490-8877-d9f18a4a4708 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**` ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=881e8b8b-665d-4490-8877-d9f18a4a4708 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=881e8b8b-665d-4490-8877-d9f18a4a4708 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3814d8ae-f0be-467f-b998-41d036e07661 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=881e8b8b-665d-4490-8877-d9f18a4a4708 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3814d8ae-f0be-467f-b998-41d036e07661 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obj**(U ]Ɋ& !XU F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5f352950-ca1c-4fff-a29c-b3e7345f550c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@U ]Ɋ& !XU F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5f352950-ca1c-4fff-a29c-b3e7345f550c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@U ]Ɋ& !XU F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5f352950-ca1c-4fff-a29c-b3e7345f550c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bbb@**8U ]Ɋ& !XU F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5f352950-ca1c-4fff-a29c-b3e7345f550c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8U ]Ɋ& !XU F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5f352950-ca1c-4fff-a29c-b3e7345f550c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tNa8**8U ]Ɋ& !XU F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5f352950-ca1c-4fff-a29c-b3e7345f550c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge8**U ]Ɋ& !U F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5f352950-ca1c-4fff-a29c-b3e7345f550c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a08e2ea5-d46a-4975-bf27-0092fd15d541 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=al**$ ]Ɋ& !$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5f352950-ca1c-4fff-a29c-b3e7345f550c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a08e2ea5-d46a-4975-bf27-0092fd15d541 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=432N**XV ]Ɋ& !XV F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=07e16999-f7e1-47f5-91e0-b01b662bfe7b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EX**pV ]Ɋ& !XV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=07e16999-f7e1-47f5-91e0-b01b662bfe7b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pV ]Ɋ& !XV F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=07e16999-f7e1-47f5-91e0-b01b662bfe7b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=pnsoleHost  ]Ɋ& f-XV F&n=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkP~Mu=VysMc&&**h V ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!XV F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=07e16999-f7e1-47f5-91e0-b01b662bfe7b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **hV ]Ɋ& !XV F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=07e16999-f7e1-47f5-91e0-b01b662bfe7b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**hV ]Ɋ& !XV F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07e16999-f7e1-47f5-91e0-b01b662bfe7b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Ch**V ]Ɋ&  !V F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=07e16999-f7e1-47f5-91e0-b01b662bfe7b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aadd5228-af38-4025-9c67-8ca0032ca415 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=07e16999-f7e1-47f5-91e0-b01b662bfe7b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aadd5228-af38-4025-9c67-8ca0032ca415 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Inst**ߐ ]Ɋ& '!Xߐ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c2da7723-4c93-4df1-bfa8-43f6acba2a2e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=,**ߐ ]Ɋ& ?!Xߐ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c2da7723-4c93-4df1-bfa8-43f6acba2a2e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**ߐ ]Ɋ& ;!Xߐ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c2da7723-4c93-4df1-bfa8-43f6acba2a2e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nab**ߐ ]Ɋ& 3!Xߐ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c2da7723-4c93-4df1-bfa8-43f6acba2a2e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ߐ ]Ɋ& 3!Xߐ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c2da7723-4c93-4df1-bfa8-43f6acba2a2e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ble**ߐ ]Ɋ& 5!Xߐ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c2da7723-4c93-4df1-bfa8-43f6acba2a2e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ab**0ߐ ]Ɋ& !ߐ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c2da7723-4c93-4df1-bfa8-43f6acba2a2e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=80c324c5-f73c-49e3-b802-7435dd997167 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c2da7723-4c93-4df1-bfa8-43f6acba2a2e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=80c324c5-f73c-49e3-b802-7435dd997167 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vide@**Hqr ]Ɋ& !XHqr F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dcaa1587-0aa0-424d-b290-53eecc118525 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Hqr ]Ɋ& !XHqr F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dcaa1587-0aa0-424d-b290-53eecc118525 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**Hqr ]Ɋ& !XHqr F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dcaa1587-0aa0-424d-b290-53eecc118525 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Str**Hqr ]Ɋ&  !XHqr F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dcaa1587-0aa0-424d-b290-53eecc118525 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/**Hqr ]Ɋ&  !XHqr F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dcaa1587-0aa0-424d-b290-53eecc118525 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=70-**Hqr ]Ɋ&  !XHqr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dcaa1587-0aa0-424d-b290-53eecc118525 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Hqr ]Ɋ& ]!Hqr F&:AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dcaa1587-0aa0-424d-b290-53eecc118525 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=4.0 RunspaceId=f2902cda-329b-4d80-99dc-cfdd7b7cae6b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng**=r ]Ɋ& i!=r F&FStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dcaa1587-0aa0-424d-b290-53eecc118525 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=4.0 RunspaceId=f2902cda-329b-4d80-99dc-cfdd7b7cae6b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**&g  ]Ɋ& )!X&g  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8a8bddfc-b211-443c-9d8e-0759819e882c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**&g  ]Ɋ& A!X&g  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8a8bddfc-b211-443c-9d8e-0759819e882c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Vers**&g  ]Ɋ& =!X&g  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8a8bddfc-b211-443c-9d8e-0759819e882c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ui**&g  ]Ɋ& 5!X&g  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8a8bddfc-b211-443c-9d8e-0759819e882c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= f**&g  ]Ɋ& 5!X&g  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8a8bddfc-b211-443c-9d8e-0759819e882c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **&g  ]Ɋ& 7!X&g  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8a8bddfc-b211-443c-9d8e-0759819e882c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**0&g  ]Ɋ& !&g  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8a8bddfc-b211-443c-9d8e-0759819e882c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=804029f0-04ff-408b-adc3-d072d25612ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@Wh  ]Ɋ& !Wh  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8a8bddfc-b211-443c-9d8e-0759819e882c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=804029f0-04ff-408b-adc3-d072d25612ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ole@**X m  ]Ɋ& !X m  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d84d89b2-35d3-4c86-b7af-54dcfbc2e2b5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p m  ]Ɋ& !X m  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d84d89b2-35d3-4c86-b7af-54dcfbc2e2b5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=Sp**h m  ]Ɋ& !X m  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d84d89b2-35d3-4c86-b7af-54dcfbc2e2b5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**` m  ]Ɋ& !X m  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d84d89b2-35d3-4c86-b7af-54dcfbc2e2b5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**` m  ]Ɋ& !X m   F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d84d89b2-35d3-4c86-b7af-54dcfbc2e2b5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h m  ]Ɋ& !X m   F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d84d89b2-35d3-4c86-b7af-54dcfbc2e2b5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=derSh** m  ]Ɋ&  ! m   F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d84d89b2-35d3-4c86-b7af-54dcfbc2e2b5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a6e66dd9-6caa-471b-9091-20912cfc7612 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ostN** Mn  ]Ɋ& !Mn   F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d84d89b2-35d3-4c86-b7af-54dcfbc2e2b5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a6e66dd9-6caa-471b-9091-20912cfc7612 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1e**8 Hq  ]Ɋ& !XHq   F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=35f73a7f-a14f-470f-84f2-2da7dc9a5c0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce8**PHq  ]Ɋ& !XHq  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=35f73a7f-a14f-470f-84f2-2da7dc9a5c0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=AlP**PHq  ]Ɋ& !XHq  F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=35f73a7f-a14f-470f-84f2-2da7dc9a5c0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&P**HHq  ]Ɋ& !XHq  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=35f73a7f-a14f-470f-84f2-2da7dc9a5c0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== H**HHq  ]Ɋ& !XHq  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=35f73a7f-a14f-470f-84f2-2da7dc9a5c0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GlobH**HHq  ]Ɋ& !XHq  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=35f73a7f-a14f-470f-84f2-2da7dc9a5c0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-UH**Hq  ]Ɋ& !Hq  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=35f73a7f-a14f-470f-84f2-2da7dc9a5c0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e099aee5-3fce-437a-9c14-a43560f43d5d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==5f**Hq  ]Ɋ& !Hq  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=35f73a7f-a14f-470f-84f2-2da7dc9a5c0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e099aee5-3fce-437a-9c14-a43560f43d5d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**Xs  ]Ɋ& !Xs  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1ec9c882-fefa-40ca-bf03-a169cfa8b91c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**ps  ]Ɋ& !Xs  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1ec9c882-fefa-40ca-bf03-a169cfa8b91c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pipp**hs  ]Ɋ& !Xs  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1ec9c882-fefa-40ca-bf03-a169cfa8b91c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCh**`s  ]Ɋ& !Xs  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1ec9c882-fefa-40ca-bf03-a169cfa8b91c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p `**`s  ]Ɋ& !Xs  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1ec9c882-fefa-40ca-bf03-a169cfa8b91c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`s  ]Ɋ& !Xs  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1ec9c882-fefa-40ca-bf03-a169cfa8b91c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f`**s  ]Ɋ& !s  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1ec9c882-fefa-40ca-bf03-a169cfa8b91c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b00ae5e9-f5a4-4108-99da-a62d7a992868 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=A**Ct  ]Ɋ& !Ct  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1ec9c882-fefa-40ca-bf03-a169cfa8b91c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b00ae5e9-f5a4-4108-99da-a62d7a992868 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion RunspaceId ]Ɋ&  SX͠y  F&ommandLine= F& ElfChnkMM4A YMu=VysMc&&**0 ͠y  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X͠y  F&F%g>9{p(xlMD EventDatauoData !Binary\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=df644fd8-d907-4f41-9c57-f9f9aa042ab1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma0 **@͠y  ]Ɋ& !X͠y  F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=df644fd8-d907-4f41-9c57-f9f9aa042ab1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l@**@͠y  ]Ɋ& !X͠y  F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=df644fd8-d907-4f41-9c57-f9f9aa042ab1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ntV@**8 ͠y  ]Ɋ& !X͠y   F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=df644fd8-d907-4f41-9c57-f9f9aa042ab1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H8**8!͠y  ]Ɋ& !X͠y ! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=df644fd8-d907-4f41-9c57-f9f9aa042ab1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8"͠y  ]Ɋ& !X͠y " F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=df644fd8-d907-4f41-9c57-f9f9aa042ab1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-w8**#͠y  ]Ɋ& !͠y # F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=df644fd8-d907-4f41-9c57-f9f9aa042ab1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=90295d9a-40f4-498c-a1eb-5bd4c1fb7e8b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=et**$c9z  ]Ɋ& !c9z $ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=df644fd8-d907-4f41-9c57-f9f9aa042ab1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=90295d9a-40f4-498c-a1eb-5bd4c1fb7e8b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, $**X%ƒ  ]Ɋ& !Xƒ % F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=140726d1-6eb2-4164-badd-b717cc166af2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=SX**p&ƒ  ]Ɋ& !Xƒ & F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=140726d1-6eb2-4164-badd-b717cc166af2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p'ƒ  ]Ɋ& !Xƒ ' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=140726d1-6eb2-4164-badd-b717cc166af2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypep**h(ƒ  ]Ɋ& !Xƒ ( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=140726d1-6eb2-4164-badd-b717cc166af2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h)ƒ  ]Ɋ& !Xƒ ) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=140726d1-6eb2-4164-badd-b717cc166af2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h*ƒ  ]Ɋ& !Xƒ * F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=140726d1-6eb2-4164-badd-b717cc166af2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**+ƒ  ]Ɋ&  !ƒ + F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=140726d1-6eb2-4164-badd-b717cc166af2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2f0d1849-48eb-43b6-9f10-9548461f65ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP**,b[  ]Ɋ& !b[ , F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=140726d1-6eb2-4164-badd-b717cc166af2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2f0d1849-48eb-43b6-9f10-9548461f65ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersi**-RV  ]Ɋ& '!XRV - F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=be5b9ea8-8633-4567-8521-34aa24850128 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**.RV  ]Ɋ& ?!XRV . F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=be5b9ea8-8633-4567-8521-34aa24850128 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**/RV  ]Ɋ& ;!XRV / F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=be5b9ea8-8633-4567-8521-34aa24850128 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=S**0RV  ]Ɋ& 3!XRV 0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=be5b9ea8-8633-4567-8521-34aa24850128 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P**1RV  ]Ɋ& 3!XRV 1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=be5b9ea8-8633-4567-8521-34aa24850128 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta**2RV  ]Ɋ& 5!XRV 2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=be5b9ea8-8633-4567-8521-34aa24850128 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d=**03RV  ]Ɋ& !RV 3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=be5b9ea8-8633-4567-8521-34aa24850128 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3a3a8fa3-9089-4b84-b9ef-f29fdb336ded PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H0**@4  ]Ɋ& ! 4 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=be5b9ea8-8633-4567-8521-34aa24850128 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3a3a8fa3-9089-4b84-b9ef-f29fdb336ded PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= @**5qM ]Ɋ& )!XqM5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d2bcd06e-0d83-4288-801f-ab5ae527eca0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**6qM ]Ɋ& A!XqM6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d2bcd06e-0d83-4288-801f-ab5ae527eca0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ivir**7qM ]Ɋ& =!XqM7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d2bcd06e-0d83-4288-801f-ab5ae527eca0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **8qM ]Ɋ& 5!XqM8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d2bcd06e-0d83-4288-801f-ab5ae527eca0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d8**9qM ]Ɋ& 5!XqM9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d2bcd06e-0d83-4288-801f-ab5ae527eca0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc**:qM ]Ɋ& 7!XqM: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d2bcd06e-0d83-4288-801f-ab5ae527eca0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**0;qM ]Ɋ& !qM; F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d2bcd06e-0d83-4288-801f-ab5ae527eca0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4ec198d4-d79d-45a1-8dc6-5b4637bf5425 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@<ߢM ]Ɋ& !ߢM< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d2bcd06e-0d83-4288-801f-ab5ae527eca0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4ec198d4-d79d-45a1-8dc6-5b4637bf5425 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X=ߢM ]Ɋ& !XߢM= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=216804eb-0812-486b-8194-77eb59ae2dca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaX**p>ߢM ]Ɋ& !XߢM> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=216804eb-0812-486b-8194-77eb59ae2dca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cep**h?ߢM ]Ɋ& !XߢM? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=216804eb-0812-486b-8194-77eb59ae2dca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=qh**`@ߢM ]Ɋ& !XߢM@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=216804eb-0812-486b-8194-77eb59ae2dca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`AߢM ]Ɋ& !XߢMA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=216804eb-0812-486b-8194-77eb59ae2dca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hBߢM ]Ɋ& !XߢMB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=216804eb-0812-486b-8194-77eb59ae2dca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**CߢM ]Ɋ&  !ߢMC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=216804eb-0812-486b-8194-77eb59ae2dca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08b6974d-aa80-42c1-acbb-a95a4b515b1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aila**DߢM ]Ɋ& !ߢMD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=216804eb-0812-486b-8194-77eb59ae2dca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08b6974d-aa80-42c1-acbb-a95a4b515b1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gi**8Ev;M ]Ɋ& !Xv;ME F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1ee3a4a8-1ee7-4add-af1b-36e91edab76e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PFv;M ]Ɋ& !Xv;MF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1ee3a4a8-1ee7-4add-af1b-36e91edab76e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PGv;M ]Ɋ& !Xv;MG F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1ee3a4a8-1ee7-4add-af1b-36e91edab76e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HHv;M ]Ɋ& !Xv;MH F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1ee3a4a8-1ee7-4add-af1b-36e91edab76e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HIv;M ]Ɋ& !Xv;MI F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1ee3a4a8-1ee7-4add-af1b-36e91edab76e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HJv;M ]Ɋ& !Xv;MJ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1ee3a4a8-1ee7-4add-af1b-36e91edab76e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sH**Kv;M ]Ɋ& !v;MK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1ee3a4a8-1ee7-4add-af1b-36e91edab76e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e3307ecf-6b20-4766-8df6-429926d58539 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Lv;M ]Ɋ& !v;ML F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1ee3a4a8-1ee7-4add-af1b-36e91edab76e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e3307ecf-6b20-4766-8df6-429926d58539 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XMv;M ]Ɋ& !Xv;MM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d82b07b8-f5ed-40b0-af20-cd77fb04789f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= XommandLine= ]Ɋ& Xv;MN F&y  F&ommandLine= F& ElfChnkN~N~@Mu=VysMc&&**pNv;M ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! Q!Xv;MN F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d82b07b8-f5ed-40b0-af20-cd77fb04789f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ip**hOv;M ]Ɋ& !Xv;MO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d82b07b8-f5ed-40b0-af20-cd77fb04789f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o]h**`Pv;M ]Ɋ& !Xv;MP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d82b07b8-f5ed-40b0-af20-cd77fb04789f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st`**`Qv;M ]Ɋ& !Xv;MQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d82b07b8-f5ed-40b0-af20-cd77fb04789f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4f`**`Rv;M ]Ɋ& !Xv;MR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d82b07b8-f5ed-40b0-af20-cd77fb04789f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**Sv;M ]Ɋ& !v;MS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d82b07b8-f5ed-40b0-af20-cd77fb04789f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08b485ce-448a-47ec-8116-22df5146ff00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Tv;M ]Ɋ& !v;MT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d82b07b8-f5ed-40b0-af20-cd77fb04789f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08b485ce-448a-47ec-8116-22df5146ff00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=#**(U9M ]Ɋ& !X9MU F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=333fd79f-51c0-4dea-85ea-0e44dd65c1da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N(**@V9M ]Ɋ& !X9MV F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=333fd79f-51c0-4dea-85ea-0e44dd65c1da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I@**@W9M ]Ɋ& !X9MW F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=333fd79f-51c0-4dea-85ea-0e44dd65c1da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sys@**8X9M ]Ɋ& !X9MX F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=333fd79f-51c0-4dea-85ea-0e44dd65c1da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8Y9M ]Ɋ& !X9MY F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=333fd79f-51c0-4dea-85ea-0e44dd65c1da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=App8**8Z9M ]Ɋ& !X9MZ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=333fd79f-51c0-4dea-85ea-0e44dd65c1da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=un8**[9M ]Ɋ& !9M[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=333fd79f-51c0-4dea-85ea-0e44dd65c1da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=932015e1-cd9e-4263-acaa-f345274544c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**\НM ]Ɋ& !НM\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=333fd79f-51c0-4dea-85ea-0e44dd65c1da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=932015e1-cd9e-4263-acaa-f345274544c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**X]gM ]Ɋ& !XgM] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c9f26f38-bb22-478b-84cb-13c2bc9202a1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p^gM ]Ɋ& !XgM^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c9f26f38-bb22-478b-84cb-13c2bc9202a1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fp**p_gM ]Ɋ& !XgM_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c9f26f38-bb22-478b-84cb-13c2bc9202a1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthp**h`gM ]Ɋ& !XgM` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c9f26f38-bb22-478b-84cb-13c2bc9202a1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**hagM ]Ɋ& !XgMa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c9f26f38-bb22-478b-84cb-13c2bc9202a1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hbgM ]Ɋ& !XgMb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c9f26f38-bb22-478b-84cb-13c2bc9202a1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**cgM ]Ɋ&  !gMc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c9f26f38-bb22-478b-84cb-13c2bc9202a1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91af1dd7-8fe9-4856-a8ac-65fa7682fc72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **d*M ]Ɋ& !*Md F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c9f26f38-bb22-478b-84cb-13c2bc9202a1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91af1dd7-8fe9-4856-a8ac-65fa7682fc72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-456**eM ]Ɋ& '!XMe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6c08f738-6ded-4d44-8cb2-190e0a980c74 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**fM ]Ɋ& ?!XMf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6c08f738-6ded-4d44-8cb2-190e0a980c74 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**gM ]Ɋ& ;!XMg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6c08f738-6ded-4d44-8cb2-190e0a980c74 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=que**hM ]Ɋ& 3!XMh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6c08f738-6ded-4d44-8cb2-190e0a980c74 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**iM ]Ɋ& 3!XMi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6c08f738-6ded-4d44-8cb2-190e0a980c74 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**jM ]Ɋ& 5!XMj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6c08f738-6ded-4d44-8cb2-190e0a980c74 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0kM ]Ɋ& !Mk F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6c08f738-6ded-4d44-8cb2-190e0a980c74 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0f5a8419-1f06-4564-91a7-5652953e1484 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@lW1M ]Ɋ& !W1Ml F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6c08f738-6ded-4d44-8cb2-190e0a980c74 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0f5a8419-1f06-4564-91a7-5652953e1484 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== @**mZ ]Ɋ& )!XZm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2372d820-7871-4476-a980-cc0813651cef HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersi**nZ ]Ɋ& A!XZn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2372d820-7871-4476-a980-cc0813651cef HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**oZ ]Ɋ& =!XZo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2372d820-7871-4476-a980-cc0813651cef HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **pZ ]Ɋ& 5!XZp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2372d820-7871-4476-a980-cc0813651cef HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6b**qZ ]Ɋ& 5!XZq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2372d820-7871-4476-a980-cc0813651cef HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**rZ ]Ɋ& 7!XZr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2372d820-7871-4476-a980-cc0813651cef HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0sZ ]Ɋ& !Zs F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2372d820-7871-4476-a980-cc0813651cef HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b2c26ef1-6927-4e4a-911b-6901b7f544f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v0**@t[ ]Ɋ& ![t F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2372d820-7871-4476-a980-cc0813651cef HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b2c26ef1-6927-4e4a-911b-6901b7f544f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xu{[\ ]Ɋ& !X{[\u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=95d0fe7f-c209-4bba-879f-61aa0b24e2b2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**pv{[\ ]Ɋ& !X{[\v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=95d0fe7f-c209-4bba-879f-61aa0b24e2b2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hw{[\ ]Ɋ& !X{[\w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=95d0fe7f-c209-4bba-879f-61aa0b24e2b2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`x{[\ ]Ɋ& !X{[\x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=95d0fe7f-c209-4bba-879f-61aa0b24e2b2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`y{[\ ]Ɋ& !X{[\y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=95d0fe7f-c209-4bba-879f-61aa0b24e2b2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hz{[\ ]Ɋ& !X{[\z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=95d0fe7f-c209-4bba-879f-61aa0b24e2b2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**{{[\ ]Ɋ&  !{[\{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=95d0fe7f-c209-4bba-879f-61aa0b24e2b2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f3424ddd-50e6-4318-b1dc-5109cd47bda1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wEng**|\ ]Ɋ& !\| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=95d0fe7f-c209-4bba-879f-61aa0b24e2b2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f3424ddd-50e6-4318-b1dc-5109cd47bda1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **8}kV_ ]Ɋ& !XkV_} F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b244fb62-88e7-4b55-8ebb-1d2eea93c8dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**P~kV_ ]Ɋ& !XkV_~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b244fb62-88e7-4b55-8ebb-1d2eea93c8dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PF&y  F&ommandLine= F& ElfChnk -?]Mu=VysMc&&**PkV_ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! 1!XkV_ F&F%g>9{p(xlMD EventDatauoData !Binary~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b244fb62-88e7-4b55-8ebb-1d2eea93c8dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CP**HkV_ ]Ɋ& !XkV_ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b244fb62-88e7-4b55-8ebb-1d2eea93c8dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**HkV_ ]Ɋ& !XkV_ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b244fb62-88e7-4b55-8ebb-1d2eea93c8dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ScrH**HkV_ ]Ɋ& !XkV_ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b244fb62-88e7-4b55-8ebb-1d2eea93c8dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manH**kV_ ]Ɋ& !kV_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b244fb62-88e7-4b55-8ebb-1d2eea93c8dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=079dba3e-5b13-4d9c-8c4d-61fa5162f38a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**kV_ ]Ɋ& !kV_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b244fb62-88e7-4b55-8ebb-1d2eea93c8dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=079dba3e-5b13-4d9c-8c4d-61fa5162f38a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**X_ ]Ɋ& !X_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f7920cdd-cb11-44f8-879e-988630d4b155 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PipeX**p_ ]Ɋ& !X_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f7920cdd-cb11-44f8-879e-988630d4b155 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**h_ ]Ɋ& !X_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f7920cdd-cb11-44f8-879e-988630d4b155 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:Ph**`_ ]Ɋ& !X_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f7920cdd-cb11-44f8-879e-988630d4b155 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dd`**`_ ]Ɋ& !X_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f7920cdd-cb11-44f8-879e-988630d4b155 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta`**`_ ]Ɋ& !X_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f7920cdd-cb11-44f8-879e-988630d4b155 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**_ ]Ɋ& !_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f7920cdd-cb11-44f8-879e-988630d4b155 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=af342828-46ad-404d-9d88-66dc3de50859 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**_ ]Ɋ& !_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f7920cdd-cb11-44f8-879e-988630d4b155 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=af342828-46ad-404d-9d88-66dc3de50859 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**(` ]Ɋ& !X` F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e739efd8-5b79-49dd-bca6-9323209ad033 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5(**@` ]Ɋ& !X` F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e739efd8-5b79-49dd-bca6-9323209ad033 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@` ]Ɋ& !X` F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e739efd8-5b79-49dd-bca6-9323209ad033 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l='@**8` ]Ɋ& !X` F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e739efd8-5b79-49dd-bca6-9323209ad033 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Win8**8` ]Ɋ& !X` F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e739efd8-5b79-49dd-bca6-9323209ad033 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C8**8` ]Ɋ& !X` F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e739efd8-5b79-49dd-bca6-9323209ad033 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**` ]Ɋ& !` F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e739efd8-5b79-49dd-bca6-9323209ad033 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e1bbf456-1ff7-4390-b759-401d4ff5e89a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Ÿa ]Ɋ& !Ÿa F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e739efd8-5b79-49dd-bca6-9323209ad033 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e1bbf456-1ff7-4390-b759-401d4ff5e89a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=)))}**Xd ]Ɋ& !Xd F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dc621417-4a5e-4b96-bb9c-62ea8f6ee3ef HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pd ]Ɋ& !Xd F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dc621417-4a5e-4b96-bb9c-62ea8f6ee3ef HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**pd ]Ɋ& !Xd F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dc621417-4a5e-4b96-bb9c-62ea8f6ee3ef HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=balp**hd ]Ɋ& !Xd F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dc621417-4a5e-4b96-bb9c-62ea8f6ee3ef HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-Sh**hd ]Ɋ& !Xd F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dc621417-4a5e-4b96-bb9c-62ea8f6ee3ef HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**hd ]Ɋ& !Xd F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dc621417-4a5e-4b96-bb9c-62ea8f6ee3ef HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**d ]Ɋ&  !d F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dc621417-4a5e-4b96-bb9c-62ea8f6ee3ef HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9d51799c-a2fb-4f89-80f7-4995ec857099 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**LLe ]Ɋ& !LLe F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dc621417-4a5e-4b96-bb9c-62ea8f6ee3ef HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9d51799c-a2fb-4f89-80f7-4995ec857099 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Seq**e ]Ɋ& '!Xe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6285fc46-2c5a-40d1-8ed4-ff703ae49583 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**e ]Ɋ& ?!Xe F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6285fc46-2c5a-40d1-8ed4-ff703ae49583 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**e ]Ɋ& ;!Xe F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6285fc46-2c5a-40d1-8ed4-ff703ae49583 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**e ]Ɋ& 3!Xe F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6285fc46-2c5a-40d1-8ed4-ff703ae49583 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, **e ]Ɋ& 3!Xe F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6285fc46-2c5a-40d1-8ed4-ff703ae49583 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**e ]Ɋ& 5!Xe F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6285fc46-2c5a-40d1-8ed4-ff703ae49583 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| **0e ]Ɋ& !e F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6285fc46-2c5a-40d1-8ed4-ff703ae49583 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9db3dfb4-f044-48af-8424-f3ec84510d18 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ou0**@y}f ]Ɋ& !y}f F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6285fc46-2c5a-40d1-8ed4-ff703ae49583 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9db3dfb4-f044-48af-8424-f3ec84510d18 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId@**d- ]Ɋ& )!Xd- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=17c86747-b15a-4d38-bbef-d6b3f75c2d79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**d- ]Ɋ& A!Xd- F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=17c86747-b15a-4d38-bbef-d6b3f75c2d79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=shel**d- ]Ɋ& =!Xd- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=17c86747-b15a-4d38-bbef-d6b3f75c2d79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**d- ]Ɋ& 5!Xd- F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=17c86747-b15a-4d38-bbef-d6b3f75c2d79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**d- ]Ɋ& 5!Xd- F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=17c86747-b15a-4d38-bbef-d6b3f75c2d79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**d- ]Ɋ& 7!Xd- F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=17c86747-b15a-4d38-bbef-d6b3f75c2d79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0d- ]Ɋ& !d- F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=17c86747-b15a-4d38-bbef-d6b3f75c2d79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=656ce445-cb25-467a-b904-c73cc2f7bd72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@^ ]Ɋ& !^ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=17c86747-b15a-4d38-bbef-d6b3f75c2d79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=656ce445-cb25-467a-b904-c73cc2f7bd72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rip@**XY! ]Ɋ& !XY! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e1490d7b-f7fb-4279-87b2-947300ddcada HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7bdX**pY! ]Ɋ& !XY! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e1490d7b-f7fb-4279-87b2-947300ddcada HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNap**hY! ]Ɋ& !XY! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e1490d7b-f7fb-4279-87b2-947300ddcada HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XY! F&ne= F& ElfChnk( icMu=VysMc&&**hY! ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!XY! F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e1490d7b-f7fb-4279-87b2-947300ddcada HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=kV_h**`Y! ]Ɋ& !XY! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e1490d7b-f7fb-4279-87b2-947300ddcada HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hY! ]Ɋ& !XY! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e1490d7b-f7fb-4279-87b2-947300ddcada HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**Y! ]Ɋ&  !Y! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e1490d7b-f7fb-4279-87b2-947300ddcada HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d7cbb3a5-0219-442a-8440-4b9fd0b8088c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**! ]Ɋ& !! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e1490d7b-f7fb-4279-87b2-947300ddcada HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d7cbb3a5-0219-442a-8440-4b9fd0b8088c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**8rT$ ]Ɋ& !XrT$ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=22f6a8ad-76a2-4956-bf40-320650231d21 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PrT$ ]Ɋ& !XrT$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=22f6a8ad-76a2-4956-bf40-320650231d21 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PrT$ ]Ɋ& !XrT$ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=22f6a8ad-76a2-4956-bf40-320650231d21 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HrT$ ]Ɋ& !XrT$ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=22f6a8ad-76a2-4956-bf40-320650231d21 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HrT$ ]Ɋ& !XrT$ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=22f6a8ad-76a2-4956-bf40-320650231d21 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HrT$ ]Ɋ& !XrT$ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=22f6a8ad-76a2-4956-bf40-320650231d21 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**rT$ ]Ɋ& !rT$ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=22f6a8ad-76a2-4956-bf40-320650231d21 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1c24e9fe-4d72-4246-8627-c82529aafb21 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**rT$ ]Ɋ& !rT$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=22f6a8ad-76a2-4956-bf40-320650231d21 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1c24e9fe-4d72-4246-8627-c82529aafb21 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X$ ]Ɋ& !X$ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d1e76e96-e315-4f2e-8bdc-116ef3457f90 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanX**p$ ]Ɋ& !X$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d1e76e96-e315-4f2e-8bdc-116ef3457f90 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ep**h$ ]Ɋ& !X$ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d1e76e96-e315-4f2e-8bdc-116ef3457f90 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Glh**`$ ]Ɋ& !X$ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d1e76e96-e315-4f2e-8bdc-116ef3457f90 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`$ ]Ɋ& !X$ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d1e76e96-e315-4f2e-8bdc-116ef3457f90 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`$ ]Ɋ& !X$ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d1e76e96-e315-4f2e-8bdc-116ef3457f90 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**$ ]Ɋ& !$ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d1e76e96-e315-4f2e-8bdc-116ef3457f90 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2b203f9c-6740-4462-9784-164ffdf57b0d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$ ]Ɋ& !$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d1e76e96-e315-4f2e-8bdc-116ef3457f90 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2b203f9c-6740-4462-9784-164ffdf57b0d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**(bO' ]Ɋ& !XbO' F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=96748b4c-0fad-4cbe-a489-8c2850b913e1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@bO' ]Ɋ& !XbO' F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=96748b4c-0fad-4cbe-a489-8c2850b913e1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@**@bO' ]Ɋ& !XbO' F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=96748b4c-0fad-4cbe-a489-8c2850b913e1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ins@**8bO' ]Ɋ& !XbO' F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=96748b4c-0fad-4cbe-a489-8c2850b913e1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ode8**8bO' ]Ɋ& !XbO' F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=96748b4c-0fad-4cbe-a489-8c2850b913e1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bb98**8bO' ]Ɋ& !XbO' F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=96748b4c-0fad-4cbe-a489-8c2850b913e1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S8**bO' ]Ɋ& !bO' F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=96748b4c-0fad-4cbe-a489-8c2850b913e1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=205b390e-d2ba-4418-a3d6-cda5262296c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**( ]Ɋ& !( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=96748b4c-0fad-4cbe-a489-8c2850b913e1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=205b390e-d2ba-4418-a3d6-cda5262296c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **X0 ]Ɋ& !X0 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=426b65a0-7afd-4bf6-845d-b6636a31838b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p0 ]Ɋ& !X0 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=426b65a0-7afd-4bf6-845d-b6636a31838b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p0 ]Ɋ& !X0 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=426b65a0-7afd-4bf6-845d-b6636a31838b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tedp**h0 ]Ɋ& !X0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=426b65a0-7afd-4bf6-845d-b6636a31838b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**h0 ]Ɋ& !X0 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=426b65a0-7afd-4bf6-845d-b6636a31838b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**h0 ]Ɋ& !X0 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=426b65a0-7afd-4bf6-845d-b6636a31838b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**0 ]Ɋ&  !0 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=426b65a0-7afd-4bf6-845d-b6636a31838b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ab039c12-af4e-4b76-ae77-97bdf697e3d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **aq1 ]Ɋ& !aq1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=426b65a0-7afd-4bf6-845d-b6636a31838b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ab039c12-af4e-4b76-ae77-97bdf697e3d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 **2 ]Ɋ& '!X2 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=37c81a7f-39eb-4c89-a576-9d6e99581691 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**2 ]Ɋ& ?!X2 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=37c81a7f-39eb-4c89-a576-9d6e99581691 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**2 ]Ɋ& ;!X2 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=37c81a7f-39eb-4c89-a576-9d6e99581691 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**2 ]Ɋ& 3!X2 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=37c81a7f-39eb-4c89-a576-9d6e99581691 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pac**2 ]Ɋ& 3!X2 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=37c81a7f-39eb-4c89-a576-9d6e99581691 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS**2 ]Ɋ& 5!X2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=37c81a7f-39eb-4c89-a576-9d6e99581691 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**02 ]Ɋ& !2 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=37c81a7f-39eb-4c89-a576-9d6e99581691 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=92df67e3-5fd5-4b12-a75d-2445cc7b00d7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@3 ]Ɋ& !3 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=37c81a7f-39eb-4c89-a576-9d6e99581691 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=92df67e3-5fd5-4b12-a75d-2445cc7b00d7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman@**hb ]Ɋ& )!Xhb F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3c625068-7bb5-4543-a136-f4c59f2fd89b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w**hb ]Ɋ& A!Xhb F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3c625068-7bb5-4543-a136-f4c59f2fd89b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**hb ]Ɋ& =!Xhb F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3c625068-7bb5-4543-a136-f4c59f2fd89b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNXhb F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XY! F&ne= F& ElfChnkpqlwڬnMu=VysMc&&**hb ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xhb F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3c625068-7bb5-4543-a136-f4c59f2fd89b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **hb ]Ɋ& 5!Xhb F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3c625068-7bb5-4543-a136-f4c59f2fd89b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 6**hb ]Ɋ& 7!Xhb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3c625068-7bb5-4543-a136-f4c59f2fd89b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0bc ]Ɋ& !bc F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3c625068-7bb5-4543-a136-f4c59f2fd89b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=83e37e71-1378-4923-9362-ad416492d40b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@c ]Ɋ& !c F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3c625068-7bb5-4543-a136-f4c59f2fd89b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=83e37e71-1378-4923-9362-ad416492d40b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dca@**Xc ]Ɋ& !Xc F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=23cf7138-7909-451b-8530-8bd019220526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=HosX**pc ]Ɋ& !Xc F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=23cf7138-7909-451b-8530-8bd019220526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=76ap**hc ]Ɋ& !Xc F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=23cf7138-7909-451b-8530-8bd019220526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2h**`c ]Ɋ& !Xc F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=23cf7138-7909-451b-8530-8bd019220526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`c ]Ɋ& !Xc F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=23cf7138-7909-451b-8530-8bd019220526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hc ]Ɋ& !Xc F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=23cf7138-7909-451b-8530-8bd019220526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hellh**c ]Ɋ&  !c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=23cf7138-7909-451b-8530-8bd019220526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=edba935b-9852-4d64-89c6-2370ace89924 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rusS**+d ]Ɋ& !+d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=23cf7138-7909-451b-8530-8bd019220526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=edba935b-9852-4d64-89c6-2370ace89924 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**8+d ]Ɋ& !X+d F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3fd0a7b1-22e4-41f6-a75a-262c3f302cab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t\8**P+d ]Ɋ& !X+d F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3fd0a7b1-22e4-41f6-a75a-262c3f302cab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t P**P+d ]Ɋ& !X+d F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3fd0a7b1-22e4-41f6-a75a-262c3f302cab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ell P**H+d ]Ɋ& !X+d F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3fd0a7b1-22e4-41f6-a75a-262c3f302cab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tionH**H+d ]Ɋ& !X+d F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3fd0a7b1-22e4-41f6-a75a-262c3f302cab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**H+d ]Ɋ& !X+d F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3fd0a7b1-22e4-41f6-a75a-262c3f302cab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6efH**+d ]Ɋ& !+d F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3fd0a7b1-22e4-41f6-a75a-262c3f302cab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7fe8fb38-23c5-4aeb-902e-5220123bd970 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**+d ]Ɋ& !+d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3fd0a7b1-22e4-41f6-a75a-262c3f302cab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7fe8fb38-23c5-4aeb-902e-5220123bd970 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**X+d ]Ɋ& !X+d F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4ebf251a-70b4-41cd-9194-92d9e14c660b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9674X**p+d ]Ɋ& !X+d F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4ebf251a-70b4-41cd-9194-92d9e14c660b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent p**h+d ]Ɋ& !X+d F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4ebf251a-70b4-41cd-9194-92d9e14c660b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`+d ]Ɋ& !X+d F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4ebf251a-70b4-41cd-9194-92d9e14c660b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co`**`+d ]Ɋ& !X+d F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4ebf251a-70b4-41cd-9194-92d9e14c660b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`+d ]Ɋ& !X+d F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4ebf251a-70b4-41cd-9194-92d9e14c660b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:`**+d ]Ɋ& !+d F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4ebf251a-70b4-41cd-9194-92d9e14c660b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6dba6733-f32d-4aaf-b0d5-be5090637302 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**,e ]Ɋ& !,e F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4ebf251a-70b4-41cd-9194-92d9e14c660b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6dba6733-f32d-4aaf-b0d5-be5090637302 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b4c**(,e ]Ɋ& !X,e F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3f0c085d-c1d1-4205-aeb0-60ed26472820 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@,e ]Ɋ& !X,e F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3f0c085d-c1d1-4205-aeb0-60ed26472820 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t@**@,e ]Ɋ& !X,e F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3f0c085d-c1d1-4205-aeb0-60ed26472820 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8,e ]Ɋ& !X,e F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3f0c085d-c1d1-4205-aeb0-60ed26472820 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Str8**8,e ]Ɋ& !X,e F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3f0c085d-c1d1-4205-aeb0-60ed26472820 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=';e8**8,e ]Ɋ& !X,e F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3f0c085d-c1d1-4205-aeb0-60ed26472820 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io8**,e ]Ɋ& !,e F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3f0c085d-c1d1-4205-aeb0-60ed26472820 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ebe5a59f-2f2d-4697-958a-6c779344ebb1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=45**Xe ]Ɋ& !Xe F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3f0c085d-c1d1-4205-aeb0-60ed26472820 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ebe5a59f-2f2d-4697-958a-6c779344ebb1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**Xf ]Ɋ& !Xf F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=41aef269-1900-4f76-a81a-828b15d8096a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uX**pf ]Ɋ& !Xf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=41aef269-1900-4f76-a81a-828b15d8096a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**pf ]Ɋ& !Xf F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=41aef269-1900-4f76-a81a-828b15d8096a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hf ]Ɋ& !Xf F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=41aef269-1900-4f76-a81a-828b15d8096a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt h**h f ]Ɋ& !Xf  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=41aef269-1900-4f76-a81a-828b15d8096a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsoh**h f ]Ɋ& !Xf  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=41aef269-1900-4f76-a81a-828b15d8096a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=16h** f ]Ɋ&  !f  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=41aef269-1900-4f76-a81a-828b15d8096a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd666db8-334e-40a8-bd2c-d1963e68f260 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me** g ]Ɋ& !g  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=41aef269-1900-4f76-a81a-828b15d8096a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd666db8-334e-40a8-bd2c-d1963e68f260 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alue** g ]Ɋ& '!Xg  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=67a2f01c-3846-430d-b2f7-d5ca89fd86e7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**g ]Ɋ& ?!Xg F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=67a2f01c-3846-430d-b2f7-d5ca89fd86e7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**g ]Ɋ& ;!Xg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=67a2f01c-3846-430d-b2f7-d5ca89fd86e7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**g ]Ɋ& 3!Xg F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=67a2f01c-3846-430d-b2f7-d5ca89fd86e7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Staed Seque ]Ɋ& ioXg F&4543-a136-f4c59f2fd89b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNXhb F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XY! F&ne= F& ElfChnkBBHl H/Mu=VysMc&&** g ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xg F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=67a2f01c-3846-430d-b2f7-d5ca89fd86e7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **g ]Ɋ& 5!Xg F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=67a2f01c-3846-430d-b2f7-d5ca89fd86e7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bc**0g ]Ɋ& !g F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=67a2f01c-3846-430d-b2f7-d5ca89fd86e7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=32b99885-1b0d-4356-a955-e4a2a6fe0f9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=130**@Ih ]Ɋ& !Ih F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=67a2f01c-3846-430d-b2f7-d5ca89fd86e7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=32b99885-1b0d-4356-a955-e4a2a6fe0f9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co@**^f ]Ɋ& )!X^f F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1b097e1d-ceac-4782-8e04-b0c4815398c4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **^f ]Ɋ& A!X^f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1b097e1d-ceac-4782-8e04-b0c4815398c4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=play**^f ]Ɋ& =!X^f F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1b097e1d-ceac-4782-8e04-b0c4815398c4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= r**^f ]Ɋ& 5!X^f F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1b097e1d-ceac-4782-8e04-b0c4815398c4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=19**^f ]Ɋ& 5!X^f F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1b097e1d-ceac-4782-8e04-b0c4815398c4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns**^f ]Ɋ& 7!X^f F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1b097e1d-ceac-4782-8e04-b0c4815398c4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**0f ]Ɋ& !f F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1b097e1d-ceac-4782-8e04-b0c4815398c4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=822e779c-7cd7-4e40-aa4a-54f444e18979 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@!g ]Ɋ& !!g F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1b097e1d-ceac-4782-8e04-b0c4815398c4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=822e779c-7cd7-4e40-aa4a-54f444e18979 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**X!g ]Ɋ& !X!g F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e4d5d748-95cb-4d96-b27a-fe8790cd5841 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&X**p!g ]Ɋ& !X!g F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e4d5d748-95cb-4d96-b27a-fe8790cd5841 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h!g ]Ɋ& !X!g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e4d5d748-95cb-4d96-b27a-fe8790cd5841 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` !g ]Ɋ& !X!g  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e4d5d748-95cb-4d96-b27a-fe8790cd5841 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`!!g ]Ɋ& !X!g! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e4d5d748-95cb-4d96-b27a-fe8790cd5841 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=+`**h"!g ]Ɋ& !X!g" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e4d5d748-95cb-4d96-b27a-fe8790cd5841 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Fh**#!g ]Ɋ&  !!g# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e4d5d748-95cb-4d96-b27a-fe8790cd5841 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=82d7a5db-cb12-47f0-8593-a6e2cc7df4c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oppe**$sh ]Ɋ& !sh$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e4d5d748-95cb-4d96-b27a-fe8790cd5841 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=82d7a5db-cb12-47f0-8593-a6e2cc7df4c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de**8%sh ]Ɋ& !Xsh% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5e4c8e7e-8e67-46da-a9b7-96385a496537 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro8**P&sh ]Ɋ& !Xsh& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5e4c8e7e-8e67-46da-a9b7-96385a496537 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FP**P'sh ]Ɋ& !Xsh' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5e4c8e7e-8e67-46da-a9b7-96385a496537 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP**H(sh ]Ɋ& !Xsh( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5e4c8e7e-8e67-46da-a9b7-96385a496537 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**H)sh ]Ɋ& !Xsh) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5e4c8e7e-8e67-46da-a9b7-96385a496537 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H*sh ]Ɋ& !Xsh* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5e4c8e7e-8e67-46da-a9b7-96385a496537 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**+sh ]Ɋ& !sh+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5e4c8e7e-8e67-46da-a9b7-96385a496537 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4cecc2de-c0b3-4303-a097-dbf8cae21f10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,sh ]Ɋ& !sh, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5e4c8e7e-8e67-46da-a9b7-96385a496537 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4cecc2de-c0b3-4303-a097-dbf8cae21f10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**X-N i ]Ɋ& !XN i- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0d914fa5-bde2-4ab9-a5b2-55e232c5d6a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= X**p.N i ]Ɋ& !XN i. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0d914fa5-bde2-4ab9-a5b2-55e232c5d6a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**h/N i ]Ɋ& !XN i/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0d914fa5-bde2-4ab9-a5b2-55e232c5d6a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={h**`0N i ]Ɋ& !XN i0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0d914fa5-bde2-4ab9-a5b2-55e232c5d6a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=05`**`1N i ]Ɋ& !XN i1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0d914fa5-bde2-4ab9-a5b2-55e232c5d6a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi`**`2N i ]Ɋ& !XN i2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0d914fa5-bde2-4ab9-a5b2-55e232c5d6a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**3N i ]Ɋ& !N i3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0d914fa5-bde2-4ab9-a5b2-55e232c5d6a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d68efe62-83ce-4c4a-baee-bec868d88513 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**4N i ]Ɋ& !N i4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0d914fa5-bde2-4ab9-a5b2-55e232c5d6a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d68efe62-83ce-4c4a-baee-bec868d88513 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==eb**(5i ]Ɋ& !Xi5 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e3b99498-9b76-40e4-be64-cc651ead9de4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@6i ]Ɋ& !Xi6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e3b99498-9b76-40e4-be64-cc651ead9de4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@7i ]Ɋ& !Xi7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e3b99498-9b76-40e4-be64-cc651ead9de4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E\M@**88i ]Ɋ& !Xi8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e3b99498-9b76-40e4-be64-cc651ead9de4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**89i ]Ɋ& !Xi9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e3b99498-9b76-40e4-be64-cc651ead9de4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8:i ]Ɋ& !Xi: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e3b99498-9b76-40e4-be64-cc651ead9de4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eV8**;i ]Ɋ& !i; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e3b99498-9b76-40e4-be64-cc651ead9de4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5f4a7452-b9b8-4909-a85f-741cf6d419cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[S**<{=j ]Ɋ& !{=j< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e3b99498-9b76-40e4-be64-cc651ead9de4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5f4a7452-b9b8-4909-a85f-741cf6d419cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayVe**X=՟l ]Ɋ& !X՟l= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=03e5e2de-b4d8-4d51-8823-6a505ef13069 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p>՟l ]Ɋ& !X՟l> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=03e5e2de-b4d8-4d51-8823-6a505ef13069 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p?՟l ]Ɋ& !X՟l? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=03e5e2de-b4d8-4d51-8823-6a505ef13069 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nstp**h@՟l ]Ɋ& !X՟l@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=03e5e2de-b4d8-4d51-8823-6a505ef13069 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=perh**hA՟l ]Ɋ& !X՟lA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=03e5e2de-b4d8-4d51-8823-6a505ef13069 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=::Gh**hB՟l ]Ɋ& !X՟lB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=03e5e2de-b4d8-4d51-8823-6a505ef13069 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= IhtalledOn -De ]Ɋ&  !՟lC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=03e5e2de-b4d8-4d51-8823-6a505ef13069 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8266e061-2905-4c53-abb5-83ec708ce91f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkCuCu8}Mu=VysMc&&** C՟l ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !՟lC F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=03e5e2de-b4d8-4d51-8823-6a505ef13069 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8266e061-2905-4c53-abb5-83ec708ce91f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art **Dl8m ]Ɋ& !l8mD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=03e5e2de-b4d8-4d51-8823-6a505ef13069 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8266e061-2905-4c53-abb5-83ec708ce91f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=4**Em ]Ɋ& '!XmE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ab328b9e-d129-49a1-979c-7977593e6f59 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**Fm ]Ɋ& ?!XmF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ab328b9e-d129-49a1-979c-7977593e6f59 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**Gm ]Ɋ& ;!XmG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ab328b9e-d129-49a1-979c-7977593e6f59 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**Hm ]Ɋ& 3!XmH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ab328b9e-d129-49a1-979c-7977593e6f59 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**Im ]Ɋ& 3!XmI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ab328b9e-d129-49a1-979c-7977593e6f59 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **Jm ]Ɋ& 5!XmJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ab328b9e-d129-49a1-979c-7977593e6f59 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**0Km ]Ɋ& !mK F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ab328b9e-d129-49a1-979c-7977593e6f59 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=56f20360-7468-4b4e-8733-ee1ce3815d4a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=790**@Lin ]Ɋ& !inL F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ab328b9e-d129-49a1-979c-7977593e6f59 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=56f20360-7468-4b4e-8733-ee1ce3815d4a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d P@**M^g ]Ɋ& )!X^gM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d2c8b396-5d4a-49c4-b8c0-d44926428f75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**N^g ]Ɋ& A!X^gN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d2c8b396-5d4a-49c4-b8c0-d44926428f75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**O^g ]Ɋ& =!X^gO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d2c8b396-5d4a-49c4-b8c0-d44926428f75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **P^g ]Ɋ& 5!X^gP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d2c8b396-5d4a-49c4-b8c0-d44926428f75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**Q^g ]Ɋ& 5!X^gQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d2c8b396-5d4a-49c4-b8c0-d44926428f75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cl**R^g ]Ɋ& 7!X^gR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d2c8b396-5d4a-49c4-b8c0-d44926428f75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0S _g ]Ɋ& ! _gS F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d2c8b396-5d4a-49c4-b8c0-d44926428f75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a2d68789-7541-49eb-81c0-de559cd50ae7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@TM`g ]Ɋ& !M`gT F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d2c8b396-5d4a-49c4-b8c0-d44926428f75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a2d68789-7541-49eb-81c0-de559cd50ae7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art@**XULag ]Ɋ& !XLagU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=06d59e97-fc5d-4209-b7d0-066a338be722 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d X**pVLag ]Ɋ& !XLagV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=06d59e97-fc5d-4209-b7d0-066a338be722 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=p**hWLag ]Ɋ& !XLagW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=06d59e97-fc5d-4209-b7d0-066a338be722 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ch**`XLag ]Ɋ& !XLagX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=06d59e97-fc5d-4209-b7d0-066a338be722 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`YLag ]Ɋ& !XLagY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=06d59e97-fc5d-4209-b7d0-066a338be722 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**hZLag ]Ɋ& !XLagZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=06d59e97-fc5d-4209-b7d0-066a338be722 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tId=h**[Lag ]Ɋ&  !Lag[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=06d59e97-fc5d-4209-b7d0-066a338be722 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=01532617-c456-495b-aa0b-e7cd8d82c68e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7e-8**\Lag ]Ɋ& !Lag\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=06d59e97-fc5d-4209-b7d0-066a338be722 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=01532617-c456-495b-aa0b-e7cd8d82c68e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**8]Lag ]Ɋ& !XLag] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fe7297d7-b8ec-4658-a92e-a52315052daf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de8**P^Lag ]Ɋ& !XLag^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fe7297d7-b8ec-4658-a92e-a52315052daf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tIP**P_Lag ]Ɋ& !XLag_ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fe7297d7-b8ec-4658-a92e-a52315052daf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==4.0P**H`Lag ]Ɋ& !XLag` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fe7297d7-b8ec-4658-a92e-a52315052daf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**HaLag ]Ɋ& !XLaga F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fe7297d7-b8ec-4658-a92e-a52315052daf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConsH**HbLag ]Ɋ& !XLagb F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fe7297d7-b8ec-4658-a92e-a52315052daf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**cLag ]Ɋ& !Lagc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fe7297d7-b8ec-4658-a92e-a52315052daf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f95eff6a-3e85-44c4-af92-69760419ee64 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=equ**dzag ]Ɋ& !zagd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fe7297d7-b8ec-4658-a92e-a52315052daf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f95eff6a-3e85-44c4-af92-69760419ee64 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**Xezag ]Ɋ& !Xzage F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e3d8c6f2-ff9f-44ed-afdb-b1cc5b379a95 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pfzag ]Ɋ& !Xzagf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e3d8c6f2-ff9f-44ed-afdb-b1cc5b379a95 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Scp**hgzag ]Ɋ& !Xzagg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e3d8c6f2-ff9f-44ed-afdb-b1cc5b379a95 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dOh**`hzag ]Ɋ& !Xzagh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e3d8c6f2-ff9f-44ed-afdb-b1cc5b379a95 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns`**`izag ]Ɋ& !Xzagi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e3d8c6f2-ff9f-44ed-afdb-b1cc5b379a95 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh`**`jzag ]Ɋ& !Xzagj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e3d8c6f2-ff9f-44ed-afdb-b1cc5b379a95 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**kzag ]Ɋ& !zagk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e3d8c6f2-ff9f-44ed-afdb-b1cc5b379a95 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6508e494-beed-44b4-82d8-65e7269a2023 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**lzag ]Ɋ& !zagl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e3d8c6f2-ff9f-44ed-afdb-b1cc5b379a95 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6508e494-beed-44b4-82d8-65e7269a2023 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(m~bg ]Ɋ& !X~bgm F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1a2aa271-d250-44b6-8521-a94b0231dbd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m(**@n~bg ]Ɋ& !X~bgn F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1a2aa271-d250-44b6-8521-a94b0231dbd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=U@**@o~bg ]Ɋ& !X~bgo F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1a2aa271-d250-44b6-8521-a94b0231dbd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8p~bg ]Ɋ& !X~bgp F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1a2aa271-d250-44b6-8521-a94b0231dbd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ARE8**8q~bg ]Ɋ& !X~bgq F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1a2aa271-d250-44b6-8521-a94b0231dbd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8r~bg ]Ɋ& !X~bgr F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1a2aa271-d250-44b6-8521-a94b0231dbd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**s~bg ]Ɋ& !~bgs F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1a2aa271-d250-44b6-8521-a94b0231dbd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c3613143-f387-4b50-abc3-6725e316f7c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co**t>cg ]Ɋ& !>cgt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1a2aa271-d250-44b6-8521-a94b0231dbd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c3613143-f387-4b50-abc3-6725e316f7c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInf**Xukdg ]Ɋ& !Xkdgu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=716b1fa5-a0d7-45d0-98c9-6333b28ece3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53Xkdgv F&aceId=8266e061-2905-4c53-abb5-83ec708ce91f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkvv02t#GnMu=VysMc&&**x vkdg ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! W!Xkdgv F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=716b1fa5-a0d7-45d0-98c9-6333b28ece3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== x **pwkdg ]Ɋ& !Xkdgw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=716b1fa5-a0d7-45d0-98c9-6333b28ece3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== p**hxkdg ]Ɋ& !Xkdgx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=716b1fa5-a0d7-45d0-98c9-6333b28ece3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=h**hykdg ]Ɋ& !Xkdgy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=716b1fa5-a0d7-45d0-98c9-6333b28ece3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hzkdg ]Ɋ& !Xkdgz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=716b1fa5-a0d7-45d0-98c9-6333b28ece3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**{kdg ]Ɋ&  !kdg{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=716b1fa5-a0d7-45d0-98c9-6333b28ece3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9507cf5a-7469-4ac9-94c9-6b45ecfe2889 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**|yeg ]Ɋ& !yeg| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=716b1fa5-a0d7-45d0-98c9-6333b28ece3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9507cf5a-7469-4ac9-94c9-6b45ecfe2889 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**}fg ]Ɋ& '!Xfg} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=904fe469-b336-498b-896c-246d5d5c2458 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**~fg ]Ɋ& ?!Xfg~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=904fe469-b336-498b-896c-246d5d5c2458 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**fg ]Ɋ& ;!Xfg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=904fe469-b336-498b-896c-246d5d5c2458 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=449**fg ]Ɋ& 3!Xfg F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=904fe469-b336-498b-896c-246d5d5c2458 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**fg ]Ɋ& 3!Xfg F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=904fe469-b336-498b-896c-246d5d5c2458 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=926**fg ]Ɋ& 5!Xfg F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=904fe469-b336-498b-896c-246d5d5c2458 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0fg ]Ɋ& !fg F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=904fe469-b336-498b-896c-246d5d5c2458 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=43e911e1-6f7e-4396-b753-5be62c41a3ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@Bgg ]Ɋ& !Bgg F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=904fe469-b336-498b-896c-246d5d5c2458 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=43e911e1-6f7e-4396-b753-5be62c41a3ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**9{p(xlMD EventDatauoData !BinaryhFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e96b5872-8fa1-4618-8839-dbf02de0d31b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8nf ]Ɋ& !Xnf F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e96b5872-8fa1-4618-8839-dbf02de0d31b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er,8**8nf ]Ɋ& !Xnf F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e96b5872-8fa1-4618-8839-dbf02de0d31b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\W8**nf ]Ɋ& !nf F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e96b5872-8fa1-4618-8839-dbf02de0d31b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2fd71e80-24d6-45f7-b63f-79e35b1b180a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=71**7g ]Ɋ& !7g F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e96b5872-8fa1-4618-8839-dbf02de0d31b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2fd71e80-24d6-45f7-b63f-79e35b1b180a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iabl**Xi ]Ɋ& !Xi F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=acf1d6f1-ed16-4a76-8005-09eebb3af101 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pi ]Ɋ& !Xi F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=acf1d6f1-ed16-4a76-8005-09eebb3af101 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**pi ]Ɋ& !Xi F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=acf1d6f1-ed16-4a76-8005-09eebb3af101 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hi ]Ɋ& !Xi F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=acf1d6f1-ed16-4a76-8005-09eebb3af101 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovih**hi ]Ɋ& !Xi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=acf1d6f1-ed16-4a76-8005-09eebb3af101 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=h**hi ]Ɋ& !Xi F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=acf1d6f1-ed16-4a76-8005-09eebb3af101 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6-h**_i ]Ɋ&  !_i F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=acf1d6f1-ed16-4a76-8005-09eebb3af101 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3bc2c0cc-8027-4bea-8330-9e2663d8ec8d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-O**1j ]Ɋ& !1j F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=acf1d6f1-ed16-4a76-8005-09eebb3af101 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3bc2c0cc-8027-4bea-8330-9e2663d8ec8d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ies[**1j ]Ɋ& '!X1j F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=10fa3c19-e22a-47c0-baa4-7e6b104af99b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**1j ]Ɋ& ?!X1j F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=10fa3c19-e22a-47c0-baa4-7e6b104af99b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**1j ]Ɋ& ;!X1j F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=10fa3c19-e22a-47c0-baa4-7e6b104af99b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**1j ]Ɋ& 3!X1j F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=10fa3c19-e22a-47c0-baa4-7e6b104af99b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **1j ]Ɋ& 3!X1j F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=10fa3c19-e22a-47c0-baa4-7e6b104af99b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsp**1j ]Ɋ& 5!X1j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=10fa3c19-e22a-47c0-baa4-7e6b104af99b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te**01j ]Ɋ& !1j F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=10fa3c19-e22a-47c0-baa4-7e6b104af99b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1e784dc6-3245-485f-814a-1d3cf7f4c08c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li0**@"ck ]Ɋ& !"ck F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=10fa3c19-e22a-47c0-baa4-7e6b104af99b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1e784dc6-3245-485f-814a-1d3cf7f4c08c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nceN@**x+ ]Ɋ& )!Xx+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d3cb709e-4f76-46cc-9e90-5348e145d637 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nmen**x+ ]Ɋ& A!Xx+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d3cb709e-4f76-46cc-9e90-5348e145d637 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**x+ ]Ɋ& =!Xx+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d3cb709e-4f76-46cc-9e90-5348e145d637 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h=**x+ ]Ɋ& 5!Xx+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d3cb709e-4f76-46cc-9e90-5348e145d637 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**x+ ]Ɋ& 5!Xx+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d3cb709e-4f76-46cc-9e90-5348e145d637 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**x+ ]Ɋ& 7!Xx+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d3cb709e-4f76-46cc-9e90-5348e145d637 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**0 ]Ɋ& ! F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d3cb709e-4f76-46cc-9e90-5348e145d637 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8f35d728-68bd-413d-8d25-36cc52e7cac1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c0**@\ ]Ɋ& !\ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d3cb709e-4f76-46cc-9e90-5348e145d637 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8f35d728-68bd-413d-8d25-36cc52e7cac1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e7-@**X\ ]Ɋ& !X\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d8bf8d3c-dc40-4b87-b81f-1dbf8f9e1e0b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HX**p\ ]Ɋ& !X\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d8bf8d3c-dc40-4b87-b81f-1dbf8f9e1e0b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 p**h\ ]Ɋ& !X\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d8bf8d3c-dc40-4b87-b81f-1dbf8f9e1e0b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bh**`\ ]Ɋ& !X\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d8bf8d3c-dc40-4b87-b81f-1dbf8f9e1e0b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1`**`\ ]Ɋ& !X\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d8bf8d3c-dc40-4b87-b81f-1dbf8f9e1e0b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**h\ ]Ɋ& !X\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d8bf8d3c-dc40-4b87-b81f-1dbf8f9e1e0b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stAph**; ]Ɋ&  !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d8bf8d3c-dc40-4b87-b81f-1dbf8f9e1e0b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a515408d-f5b7-40a8-b875-07f34122a0c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=viru**; ]Ɋ& !; F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d8bf8d3c-dc40-4b87-b81f-1dbf8f9e1e0b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a515408d-f5b7-40a8-b875-07f34122a0c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ti**8; ]Ɋ& !X; F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d5153-88a0-44ea-8448-d02574cd7375 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bj8**P; ]Ɋ& !X; F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d5153-88a0-44ea-8448-d02574cd7375 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erP**P; ]Ɋ& !X; F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d5153-88a0-44ea-8448-d02574cd7375 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tAppP**H; ]Ɋ& !X; F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d5153-88a0-44ea-8448-d02574cd7375 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=88c7H**H; ]Ɋ& !X; F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d5153-88a0-44ea-8448-d02574cd7375 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-913H**H; ]Ɋ& !X; F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d5153-88a0-44ea-8448-d02574cd7375 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=17-H**; ]Ɋ& !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d5153-88a0-44ea-8448-d02574cd7375 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d6c51d1-4e59-4b74-b791-85028d11ed21 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=741**; ]Ɋ& !; F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d5153-88a0-44ea-8448-d02574cd7375 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d6c51d1-4e59-4b74-b791-85028d11ed21 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3**Xҍ ]Ɋ& !Xҍ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a9f7414b-9a75-4a23-b7f6-a5c78166b9d9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersiX**pҍ ]Ɋ& !Xҍ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a9f7414b-9a75-4a23-b7f6-a5c78166b9d9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovip**hҍ ]Ɋ& !Xҍ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a9f7414b-9a75-4a23-b7f6-a5c78166b9d9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`ҍ ]Ɋ& !Xҍ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a9f7414b-9a75-4a23-b7f6-a5c78166b9d9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id` PipelineId ]Ɋ&  CXҍ F&wid@ 65535 Eng ]Ɋ& ndXnf F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53Xkdgv F&aceId=8266e061-2905-4c53-abb5-83ec708ce91f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk @LYMu=VysMc&&**hҍ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!Xҍ F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a9f7414b-9a75-4a23-b7f6-a5c78166b9d9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**`ҍ ]Ɋ& !Xҍ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a9f7414b-9a75-4a23-b7f6-a5c78166b9d9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**ҍ ]Ɋ& !ҍ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a9f7414b-9a75-4a23-b7f6-a5c78166b9d9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f4fd2ff8-5225-40c5-9f2a-7127e6335bed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**ҍ ]Ɋ& !ҍ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a9f7414b-9a75-4a23-b7f6-a5c78166b9d9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f4fd2ff8-5225-40c5-9f2a-7127e6335bed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(h& ]Ɋ& !Xh& F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8295bfdf-3e18-40d7-b6b0-4ca8b4eb0a04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3(**@h& ]Ɋ& !Xh& F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8295bfdf-3e18-40d7-b6b0-4ca8b4eb0a04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1@**@h& ]Ɋ& !Xh& F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8295bfdf-3e18-40d7-b6b0-4ca8b4eb0a04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8h& ]Ɋ& !Xh& F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8295bfdf-3e18-40d7-b6b0-4ca8b4eb0a04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**8h& ]Ɋ& !Xh& F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8295bfdf-3e18-40d7-b6b0-4ca8b4eb0a04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8h& ]Ɋ& !Xh& F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8295bfdf-3e18-40d7-b6b0-4ca8b4eb0a04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**h& ]Ɋ& !h& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8295bfdf-3e18-40d7-b6b0-4ca8b4eb0a04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0443f3fe-60e5-49aa-a29b-4c2272408bfc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8295bfdf-3e18-40d7-b6b0-4ca8b4eb0a04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0443f3fe-60e5-49aa-a29b-4c2272408bfc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**X, ]Ɋ& !X, F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=001821f6-4409-44a2-98ac-9dfb072a7447 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**p, ]Ɋ& !X, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=001821f6-4409-44a2-98ac-9dfb072a7447 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**p, ]Ɋ& !X, F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=001821f6-4409-44a2-98ac-9dfb072a7447 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**h, ]Ɋ& !X, F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=001821f6-4409-44a2-98ac-9dfb072a7447 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**h, ]Ɋ& !X, F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=001821f6-4409-44a2-98ac-9dfb072a7447 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**h, ]Ɋ& !X, F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=001821f6-4409-44a2-98ac-9dfb072a7447 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**, ]Ɋ&  !, F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=001821f6-4409-44a2-98ac-9dfb072a7447 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=378ebcfb-0aff-4961-a6d4-deb2ccc06beb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sb**ˆ ]Ɋ& !ˆ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=001821f6-4409-44a2-98ac-9dfb072a7447 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=378ebcfb-0aff-4961-a6d4-deb2ccc06beb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ring**ˆ ]Ɋ& '!Xˆ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aee7162e-522c-4661-b4c1-c05714a2c0b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=O**ˆ ]Ɋ& ?!Xˆ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aee7162e-522c-4661-b4c1-c05714a2c0b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l**ˆ ]Ɋ& ;!Xˆ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aee7162e-522c-4661-b4c1-c05714a2c0b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ˆ ]Ɋ& 3!Xˆ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aee7162e-522c-4661-b4c1-c05714a2c0b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==d3**ˆ ]Ɋ& 3!Xˆ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aee7162e-522c-4661-b4c1-c05714a2c0b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**ˆ ]Ɋ& 5!Xˆ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aee7162e-522c-4661-b4c1-c05714a2c0b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6c**0ˆ ]Ɋ& !ˆ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aee7162e-522c-4661-b4c1-c05714a2c0b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=067a2d98-f115-49a8-a026-c46e08ab0f5d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aee7162e-522c-4661-b4c1-c05714a2c0b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=067a2d98-f115-49a8-a026-c46e08ab0f5d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**y ]Ɋ& )!Xy F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4e0a29e5-bf64-4625-ad05-f8e7901ed5ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**y ]Ɋ& A!Xy F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4e0a29e5-bf64-4625-ad05-f8e7901ed5ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **y ]Ɋ& =!Xy F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4e0a29e5-bf64-4625-ad05-f8e7901ed5ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**y ]Ɋ& 5!Xy F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4e0a29e5-bf64-4625-ad05-f8e7901ed5ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**y ]Ɋ& 5!Xy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4e0a29e5-bf64-4625-ad05-f8e7901ed5ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **y ]Ɋ& 7!Xy F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4e0a29e5-bf64-4625-ad05-f8e7901ed5ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0y ]Ɋ& !y F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4e0a29e5-bf64-4625-ad05-f8e7901ed5ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6906f184-fd79-4e9d-8b08-b901689244cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@ y ]Ɋ& ! y F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4e0a29e5-bf64-4625-ad05-f8e7901ed5ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6906f184-fd79-4e9d-8b08-b901689244cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**XJy ]Ɋ& !XJy F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b20ae23b-261f-47cb-b586-72a4bd130825 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**pJy ]Ɋ& !XJy F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b20ae23b-261f-47cb-b586-72a4bd130825 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**hJy ]Ɋ& !XJy F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b20ae23b-261f-47cb-b586-72a4bd130825 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`Jy ]Ɋ& !XJy F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b20ae23b-261f-47cb-b586-72a4bd130825 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`Jy ]Ɋ& !XJy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b20ae23b-261f-47cb-b586-72a4bd130825 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hJy ]Ɋ& !XJy F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b20ae23b-261f-47cb-b586-72a4bd130825 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**Jy ]Ɋ&  !Jy F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b20ae23b-261f-47cb-b586-72a4bd130825 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=15c24a1b-f23c-4976-9259-06f18b7a2651 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**Jy ]Ɋ& !Jy F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b20ae23b-261f-47cb-b586-72a4bd130825 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=15c24a1b-f23c-4976-9259-06f18b7a2651 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8:y ]Ɋ& !X:y F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bc05694b-7a66-4240-b961-3aace2ed590c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**P:y ]Ɋ& !X:y F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bc05694b-7a66-4240-b961-3aace2ed590c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**P:y ]Ɋ& !X:y F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bc05694b-7a66-4240-b961-3aace2ed590c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**H:y ]Ɋ& !X:y F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bc05694b-7a66-4240-b961-3aace2ed590c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**H :y ]Ɋ& !X:y  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bc05694b-7a66-4240-b961-3aace2ed590c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8ce9H PipelineI ]Ɋ&  X:y  F&ElfChnk : :hwMu=VysMc&&**H :y ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! +!X:y  F&F%g>9{p(xlMD EventDatauoData !BinaryxVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bc05694b-7a66-4240-b961-3aace2ed590c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H** :y ]Ɋ& !:y  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bc05694b-7a66-4240-b961-3aace2ed590c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c3ad9d84-5ca2-45b8-b5bf-032fbd4c33af PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ҍ** :y ]Ɋ& !:y  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bc05694b-7a66-4240-b961-3aace2ed590c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c3ad9d84-5ca2-45b8-b5bf-032fbd4c33af PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X wy ]Ɋ& !Xwy  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4bc67a02-59b8-4563-a087-5931eca82310 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**pwy ]Ɋ& !Xwy F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4bc67a02-59b8-4563-a087-5931eca82310 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**hwy ]Ɋ& !Xwy F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4bc67a02-59b8-4563-a087-5931eca82310 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`wy ]Ɋ& !Xwy F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4bc67a02-59b8-4563-a087-5931eca82310 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`wy ]Ɋ& !Xwy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4bc67a02-59b8-4563-a087-5931eca82310 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`wy ]Ɋ& !Xwy F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4bc67a02-59b8-4563-a087-5931eca82310 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**wy ]Ɋ& !wy F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4bc67a02-59b8-4563-a087-5931eca82310 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=11071949-9c5a-4f71-8378-cac940d77966 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**wy ]Ɋ& !wy F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4bc67a02-59b8-4563-a087-5931eca82310 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=11071949-9c5a-4f71-8378-cac940d77966 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**( ly ]Ɋ& !X ly F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fb40503c-ce4f-4f54-b70f-bd0dc9222206 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@ ly ]Ɋ& !X ly F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fb40503c-ce4f-4f54-b70f-bd0dc9222206 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3@**@ ly ]Ɋ& !X ly F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fb40503c-ce4f-4f54-b70f-bd0dc9222206 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8 ly ]Ɋ& !X ly F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fb40503c-ce4f-4f54-b70f-bd0dc9222206 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8 ly ]Ɋ& !X ly F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fb40503c-ce4f-4f54-b70f-bd0dc9222206 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==008**8 ly ]Ɋ& !X ly F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fb40503c-ce4f-4f54-b70f-bd0dc9222206 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8** ly ]Ɋ& ! ly F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fb40503c-ce4f-4f54-b70f-bd0dc9222206 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=072dfad1-0851-4b5c-88d7-e72f594ea948 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**:y ]Ɋ& !:y F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fb40503c-ce4f-4f54-b70f-bd0dc9222206 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=072dfad1-0851-4b5c-88d7-e72f594ea948 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**Xgy ]Ɋ& !Xgy F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=70d5827a-1c70-462f-bd3b-41020c7e8ed7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**pgy ]Ɋ& !Xgy F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=70d5827a-1c70-462f-bd3b-41020c7e8ed7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**pgy ]Ɋ& !Xgy F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=70d5827a-1c70-462f-bd3b-41020c7e8ed7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**h gy ]Ɋ& !Xgy  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=70d5827a-1c70-462f-bd3b-41020c7e8ed7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**h!gy ]Ɋ& !Xgy! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=70d5827a-1c70-462f-bd3b-41020c7e8ed7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h"gy ]Ɋ& !Xgy" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=70d5827a-1c70-462f-bd3b-41020c7e8ed7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**#gy ]Ɋ&  !gy# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=70d5827a-1c70-462f-bd3b-41020c7e8ed7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=36f5d370-8414-4c71-8096-b238276541e1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$fy ]Ɋ& !fy$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=70d5827a-1c70-462f-bd3b-41020c7e8ed7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=36f5d370-8414-4c71-8096-b238276541e1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **%y ]Ɋ& '!Xy% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=47dc7356-cc88-419f-aacf-efc632428234 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**&y ]Ɋ& ?!Xy& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=47dc7356-cc88-419f-aacf-efc632428234 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**'y ]Ɋ& ;!Xy' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=47dc7356-cc88-419f-aacf-efc632428234 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**(y ]Ɋ& 3!Xy( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=47dc7356-cc88-419f-aacf-efc632428234 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**)y ]Ɋ& 3!Xy) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=47dc7356-cc88-419f-aacf-efc632428234 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun***y ]Ɋ& 5!Xy* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=47dc7356-cc88-419f-aacf-efc632428234 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0+y ]Ɋ& !y+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=47dc7356-cc88-419f-aacf-efc632428234 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=024ae76a-5ef7-4a39-9b81-5d248df0039e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@,0y ]Ɋ& !0y, F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=47dc7356-cc88-419f-aacf-efc632428234 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=024ae76a-5ef7-4a39-9b81-5d248df0039e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b @**- ]Ɋ& )!X- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=72b3c4c6-4330-4e19-8923-108e168893a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uctS**. ]Ɋ& A!X. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=72b3c4c6-4330-4e19-8923-108e168893a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=curi**/ ]Ɋ& =!X/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=72b3c4c6-4330-4e19-8923-108e168893a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0 ]Ɋ& 5!X0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=72b3c4c6-4330-4e19-8923-108e168893a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **1 ]Ɋ& 5!X1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=72b3c4c6-4330-4e19-8923-108e168893a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi**2 ]Ɋ& 7!X2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=72b3c4c6-4330-4e19-8923-108e168893a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**03W ]Ɋ& !W3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=72b3c4c6-4330-4e19-8923-108e168893a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4385babc-8e6e-4df8-969f-aa932e87cc50 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@43 ]Ɋ& !34 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=72b3c4c6-4330-4e19-8923-108e168893a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4385babc-8e6e-4df8-969f-aa932e87cc50 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X5Ɉ ]Ɋ& !XɈ5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b696b72e-700e-4e8d-9947-d5c79b13060f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p6Ɉ ]Ɋ& !XɈ6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b696b72e-700e-4e8d-9947-d5c79b13060f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**h7Ɉ ]Ɋ& !XɈ7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b696b72e-700e-4e8d-9947-d5c79b13060f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`8Ɉ ]Ɋ& !XɈ8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b696b72e-700e-4e8d-9947-d5c79b13060f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`9Ɉ ]Ɋ& !XɈ9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b696b72e-700e-4e8d-9947-d5c79b13060f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h:Ɉ ]Ɋ& !XɈ: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b696b72e-700e-4e8d-9947-d5c79b13060f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h ]Ɋ& X:y ɈElfChnk;k;kkvMu=VysMc&&**;Ɉ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Ɉ; F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b696b72e-700e-4e8d-9947-d5c79b13060f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=40905a6c-9d86-4cd4-9a84-7635ad3e8f91 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**<Ɉ ]Ɋ& !Ɉ< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b696b72e-700e-4e8d-9947-d5c79b13060f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=40905a6c-9d86-4cd4-9a84-7635ad3e8f91 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8=Ɉ ]Ɋ& !XɈ= F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=57c1973b-846b-4fc8-a5de-d16154569395 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P>Ɉ ]Ɋ& !XɈ> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=57c1973b-846b-4fc8-a5de-d16154569395 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**P?Ɉ ]Ɋ& !XɈ? F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=57c1973b-846b-4fc8-a5de-d16154569395 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**P**H@Ɉ ]Ɋ& !XɈ@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=57c1973b-846b-4fc8-a5de-d16154569395 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**HAɈ ]Ɋ& !XɈA F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=57c1973b-846b-4fc8-a5de-d16154569395 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**HBɈ ]Ɋ& !XɈB F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=57c1973b-846b-4fc8-a5de-d16154569395 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**CɈ ]Ɋ& !ɈC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=57c1973b-846b-4fc8-a5de-d16154569395 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dd6788fd-b74b-4b91-bad8-0fa24488c915 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLi**DɈ ]Ɋ& !ɈD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=57c1973b-846b-4fc8-a5de-d16154569395 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dd6788fd-b74b-4b91-bad8-0fa24488c915 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**XE`! ]Ɋ& !X`!E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6d21738e-e1a8-4eec-adab-56683e47f59f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNamX**pF`! ]Ɋ& !X`!F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6d21738e-e1a8-4eec-adab-56683e47f59f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**hG`! ]Ɋ& !X`!G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6d21738e-e1a8-4eec-adab-56683e47f59f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**`H`! ]Ɋ& !X`!H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6d21738e-e1a8-4eec-adab-56683e47f59f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca`**`I`! ]Ɋ& !X`!I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6d21738e-e1a8-4eec-adab-56683e47f59f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`J`! ]Ɋ& !X`!J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6d21738e-e1a8-4eec-adab-56683e47f59f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**K`! ]Ɋ& !`!K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6d21738e-e1a8-4eec-adab-56683e47f59f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6c9d465c-bdca-4040-9885-f9199dcbcf6e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**L`! ]Ɋ& !`!L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6d21738e-e1a8-4eec-adab-56683e47f59f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6c9d465c-bdca-4040-9885-f9199dcbcf6e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(M`! ]Ɋ& !X`!M F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fb782a17-2741-447c-9969-c861d79b05ef HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7(**@N`! ]Ɋ& !X`!N F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fb782a17-2741-447c-9969-c861d79b05ef HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@O`! ]Ɋ& !X`!O F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fb782a17-2741-447c-9969-c861d79b05ef HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da@**8P`! ]Ɋ& !X`!P F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fb782a17-2741-447c-9969-c861d79b05ef HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on\8**8Q`! ]Ɋ& !X`!Q F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fb782a17-2741-447c-9969-c861d79b05ef HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver8**8R`! ]Ɋ& !X`!R F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fb782a17-2741-447c-9969-c861d79b05ef HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**S`! ]Ɋ& !`!S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fb782a17-2741-447c-9969-c861d79b05ef HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6df2e3ac-00d2-4ce1-9515-d358d4e7224e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri**TR ]Ɋ& !RT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fb782a17-2741-447c-9969-c861d79b05ef HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6df2e3ac-00d2-4ce1-9515-d358d4e7224e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | O**XU ]Ɋ& !XU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ef39338e-1b49-47a1-9956-d5efa240c654 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pV ]Ɋ& !XV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ef39338e-1b49-47a1-9956-d5efa240c654 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**pW ]Ɋ& !XW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ef39338e-1b49-47a1-9956-d5efa240c654 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fo]p**hX ]Ɋ& !XX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ef39338e-1b49-47a1-9956-d5efa240c654 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**hY ]Ɋ& !XY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ef39338e-1b49-47a1-9956-d5efa240c654 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**hZ ]Ɋ& !XZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ef39338e-1b49-47a1-9956-d5efa240c654 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Coh**[ ]Ɋ&  ![ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ef39338e-1b49-47a1-9956-d5efa240c654 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=21f20440-cfa5-474f-aa7d-2f0fa8930854 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**\P ]Ɋ& !P\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ef39338e-1b49-47a1-9956-d5efa240c654 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=21f20440-cfa5-474f-aa7d-2f0fa8930854 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**]P ]Ɋ& '!XP] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d2e2a92-e801-4597-92ac-5f59d544e30c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**^P ]Ɋ& ?!XP^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d2e2a92-e801-4597-92ac-5f59d544e30c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**_P ]Ɋ& ;!XP_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d2e2a92-e801-4597-92ac-5f59d544e30c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as**`P ]Ɋ& 3!XP` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d2e2a92-e801-4597-92ac-5f59d544e30c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ing**aP ]Ɋ& 3!XPa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d2e2a92-e801-4597-92ac-5f59d544e30c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art**bP ]Ɋ& 5!XPb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d2e2a92-e801-4597-92ac-5f59d544e30c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=65**0cP ]Ɋ& !Pc F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d2e2a92-e801-4597-92ac-5f59d544e30c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1fc64b87-484b-4c5a-858e-a3be6cc5dc9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@d}M ]Ɋ& !}Md F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d2e2a92-e801-4597-92ac-5f59d544e30c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1fc64b87-484b-4c5a-858e-a3be6cc5dc9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=df8-@**ez( ]Ɋ& )!Xz(e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0952fba2-9eb0-4d74-a337-b97984ae6d56 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**fz( ]Ɋ& A!Xz(f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0952fba2-9eb0-4d74-a337-b97984ae6d56 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**gz( ]Ɋ& =!Xz(g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0952fba2-9eb0-4d74-a337-b97984ae6d56 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8d**hz( ]Ɋ& 5!Xz(h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0952fba2-9eb0-4d74-a337-b97984ae6d56 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**iz( ]Ɋ& 5!Xz(i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0952fba2-9eb0-4d74-a337-b97984ae6d56 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**jz( ]Ɋ& 7!Xz(j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0952fba2-9eb0-4d74-a337-b97984ae6d56 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0kz( ]Ɋ& !z(k F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0952fba2-9eb0-4d74-a337-b97984ae6d56 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be624378-7fae-47cc-a3d5-cd94c6877c44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X:y ɈElfChnkllX;ogMu=VysMc&&**@l%"{( ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!%"{(l F&F%g>9{p(xlMD EventDatauoData !BinarypStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0952fba2-9eb0-4d74-a337-b97984ae6d56 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be624378-7fae-47cc-a3d5-cd94c6877c44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xm%"{( ]Ɋ& !X%"{(m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f09f1e9d-63f5-4888-a3b4-82a15f436fa8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cd4X**pn%"{( ]Ɋ& !X%"{(n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f09f1e9d-63f5-4888-a3b4-82a15f436fa8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linp**ho%"{( ]Ɋ& !X%"{(o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f09f1e9d-63f5-4888-a3b4-82a15f436fa8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`p%"{( ]Ɋ& !X%"{(p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f09f1e9d-63f5-4888-a3b4-82a15f436fa8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`q%"{( ]Ɋ& !X%"{(q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f09f1e9d-63f5-4888-a3b4-82a15f436fa8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**hr%"{( ]Ɋ& !X%"{(r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f09f1e9d-63f5-4888-a3b4-82a15f436fa8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**s{( ]Ɋ&  !{(s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f09f1e9d-63f5-4888-a3b4-82a15f436fa8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77c824bc-98fb-4d3e-a8c5-6bd95dfe9b58 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**t{( ]Ɋ& !{(t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f09f1e9d-63f5-4888-a3b4-82a15f436fa8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77c824bc-98fb-4d3e-a8c5-6bd95dfe9b58 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8u{( ]Ɋ& !X{(u F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4277b443-affa-4e7c-9441-ca4179c8b38f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma8**Pv{( ]Ɋ& !X{(v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4277b443-affa-4e7c-9441-ca4179c8b38f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**Pw{( ]Ɋ& !X{(w F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4277b443-affa-4e7c-9441-ca4179c8b38f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComP**Hx{( ]Ɋ& !X{(x F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4277b443-affa-4e7c-9441-ca4179c8b38f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= H**Hy{( ]Ɋ& !X{(y F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4277b443-affa-4e7c-9441-ca4179c8b38f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**Hz{( ]Ɋ& !X{(z F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4277b443-affa-4e7c-9441-ca4179c8b38f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**{{( ]Ɋ& !{({ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4277b443-affa-4e7c-9441-ca4179c8b38f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=88bb37fd-a121-4682-8b14-4864f8eb2a5f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sc**|{( ]Ɋ& !{(| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4277b443-affa-4e7c-9441-ca4179c8b38f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=88bb37fd-a121-4682-8b14-4864f8eb2a5f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=y**X}RS|( ]Ɋ& !XRS|(} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c85d5b81-12e8-42de-a39e-6a3d0f4471a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-f91X**p~RS|( ]Ɋ& !XRS|(~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c85d5b81-12e8-42de-a39e-6a3d0f4471a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**hRS|( ]Ɋ& !XRS|( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c85d5b81-12e8-42de-a39e-6a3d0f4471a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;eh**`RS|( ]Ɋ& !XRS|( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c85d5b81-12e8-42de-a39e-6a3d0f4471a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1-`**`RS|( ]Ɋ& !XRS|( F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c85d5b81-12e8-42de-a39e-6a3d0f4471a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP`**`RS|( ]Ɋ& !XRS|( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c85d5b81-12e8-42de-a39e-6a3d0f4471a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**RS|( ]Ɋ& !RS|( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c85d5b81-12e8-42de-a39e-6a3d0f4471a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7c980ce6-37f3-4e3d-a2e5-648d18376e0b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**RS|( ]Ɋ& !RS|( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c85d5b81-12e8-42de-a39e-6a3d0f4471a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7c980ce6-37f3-4e3d-a2e5-648d18376e0b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(|( ]Ɋ& !X|( F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f6cb3d69-c337-4168-b739-a9ec9a90cb03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R(**@|( ]Ɋ& !X|( F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f6cb3d69-c337-4168-b739-a9ec9a90cb03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e@**@|( ]Ɋ& !X|( F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f6cb3d69-c337-4168-b739-a9ec9a90cb03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8|( ]Ɋ& !X|( F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f6cb3d69-c337-4168-b739-a9ec9a90cb03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TWA8**8|( ]Ɋ& !X|( F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f6cb3d69-c337-4168-b739-a9ec9a90cb03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=8**8|( ]Ɋ& !X|( F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f6cb3d69-c337-4168-b739-a9ec9a90cb03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**|( ]Ɋ& !|( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f6cb3d69-c337-4168-b739-a9ec9a90cb03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e837b892-2fe3-4d62-969c-6c34350a9640 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **}( ]Ɋ& !}( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f6cb3d69-c337-4168-b739-a9ec9a90cb03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e837b892-2fe3-4d62-969c-6c34350a9640 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ture**Xp( ]Ɋ& !Xp( F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=12e81400-3124-4f2d-b182-a6cbf72d0ab5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**pp( ]Ɋ& !Xp( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=12e81400-3124-4f2d-b182-a6cbf72d0ab5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pp( ]Ɋ& !Xp( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=12e81400-3124-4f2d-b182-a6cbf72d0ab5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, p**hp( ]Ɋ& !Xp( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=12e81400-3124-4f2d-b182-a6cbf72d0ab5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en-h**hp( ]Ɋ& !Xp( F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=12e81400-3124-4f2d-b182-a6cbf72d0ab5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Deh**hp( ]Ɋ& !Xp( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=12e81400-3124-4f2d-b182-a6cbf72d0ab5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amh**p( ]Ɋ&  !p( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=12e81400-3124-4f2d-b182-a6cbf72d0ab5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=73c5bdb6-19b7-4aba-9131-b774b1faf505 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**( ]Ɋ& !( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=12e81400-3124-4f2d-b182-a6cbf72d0ab5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=73c5bdb6-19b7-4aba-9131-b774b1faf505 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**( ]Ɋ& '!X( F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b710d71e-0c8a-4a10-a73f-31dc5fef6bc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**( ]Ɋ& ?!X( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b710d71e-0c8a-4a10-a73f-31dc5fef6bc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**( ]Ɋ& ;!X( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b710d71e-0c8a-4a10-a73f-31dc5fef6bc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**( ]Ɋ& 3!X( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b710d71e-0c8a-4a10-a73f-31dc5fef6bc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pro**( ]Ɋ& 3!X( F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b710d71e-0c8a-4a10-a73f-31dc5fef6bc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**( ]Ɋ& 5!X( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b710d71e-0c8a-4a10-a73f-31dc5fef6bc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0( ]Ɋ& !( F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b710d71e-0c8a-4a10-a73f-31dc5fef6bc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=05b97a29-5779-4591-86c8-1d2068c80fb5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os3I( F&on=4.0 HostId=0952fba2-9eb0-4d74-a337-b97984ae6d56 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be624378-7fae-47cc-a3d5-cd94c6877c44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X:y ɈElfChnkD+Mu=VysMc&&**@ 3I( ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !!3I( F&F%g>9{p(xlMD EventDatauoData !BinarynStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b710d71e-0c8a-4a10-a73f-31dc5fef6bc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=05b97a29-5779-4591-86c8-1d2068c80fb5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@ **eR ]Ɋ& )!XeR F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8981fa45-ca22-4fb8-9457-6f8a029f2db0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=3 **eR ]Ɋ& A!XeR F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8981fa45-ca22-4fb8-9457-6f8a029f2db0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNa**eR ]Ɋ& =!XeR F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8981fa45-ca22-4fb8-9457-6f8a029f2db0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**eR ]Ɋ& 5!XeR F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8981fa45-ca22-4fb8-9457-6f8a029f2db0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **eR ]Ɋ& 5!XeR F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8981fa45-ca22-4fb8-9457-6f8a029f2db0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**eR ]Ɋ& 7!XeR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8981fa45-ca22-4fb8-9457-6f8a029f2db0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0eR ]Ɋ& !eR F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8981fa45-ca22-4fb8-9457-6f8a029f2db0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4c37e8ab-3df6-40d3-a70e-1d80e4401254 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@S ]Ɋ& !S F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8981fa45-ca22-4fb8-9457-6f8a029f2db0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4c37e8ab-3df6-40d3-a70e-1d80e4401254 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**XS ]Ɋ& !XS F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8cf2d553-9bca-42a2-a4bb-91ef2ee6d809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**pS ]Ɋ& !XS F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8cf2d553-9bca-42a2-a4bb-91ef2ee6d809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**hS ]Ɋ& !XS F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8cf2d553-9bca-42a2-a4bb-91ef2ee6d809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`S ]Ɋ& !XS F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8cf2d553-9bca-42a2-a4bb-91ef2ee6d809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`S ]Ɋ& !XS F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8cf2d553-9bca-42a2-a4bb-91ef2ee6d809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**hS ]Ɋ& !XS F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8cf2d553-9bca-42a2-a4bb-91ef2ee6d809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**S ]Ɋ&  !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8cf2d553-9bca-42a2-a4bb-91ef2ee6d809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7848dcef-844e-43cf-a16b-995abc42e90e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **S ]Ɋ& !S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8cf2d553-9bca-42a2-a4bb-91ef2ee6d809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7848dcef-844e-43cf-a16b-995abc42e90e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8)dT ]Ɋ& !X)dT F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bc11bc36-bc24-4c39-9c61-da59c09da912 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**P)dT ]Ɋ& !X)dT F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bc11bc36-bc24-4c39-9c61-da59c09da912 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**P)dT ]Ɋ& !X)dT F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bc11bc36-bc24-4c39-9c61-da59c09da912 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**H)dT ]Ɋ& !X)dT F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bc11bc36-bc24-4c39-9c61-da59c09da912 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**H)dT ]Ɋ& !X)dT F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bc11bc36-bc24-4c39-9c61-da59c09da912 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**H)dT ]Ɋ& !X)dT F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bc11bc36-bc24-4c39-9c61-da59c09da912 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**)dT ]Ɋ& !)dT F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bc11bc36-bc24-4c39-9c61-da59c09da912 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eab4a023-bd48-4cc0-b710-7b50784437b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**)dT ]Ɋ& !)dT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bc11bc36-bc24-4c39-9c61-da59c09da912 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eab4a023-bd48-4cc0-b710-7b50784437b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**X)dT ]Ɋ& !X)dT F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ffb850dd-4969-4b1d-80fa-0372b48726a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**p)dT ]Ɋ& !X)dT F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ffb850dd-4969-4b1d-80fa-0372b48726a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**h)dT ]Ɋ& !X)dT F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ffb850dd-4969-4b1d-80fa-0372b48726a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`)dT ]Ɋ& !X)dT F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ffb850dd-4969-4b1d-80fa-0372b48726a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`)dT ]Ɋ& !X)dT F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ffb850dd-4969-4b1d-80fa-0372b48726a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`)dT ]Ɋ& !X)dT F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ffb850dd-4969-4b1d-80fa-0372b48726a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**)dT ]Ɋ& !)dT F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ffb850dd-4969-4b1d-80fa-0372b48726a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37ab8828-919c-488e-90ff-b18e559f822b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**)dT ]Ɋ& !)dT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ffb850dd-4969-4b1d-80fa-0372b48726a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37ab8828-919c-488e-90ff-b18e559f822b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(T ]Ɋ& !XT F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d577e36e-5c84-4d44-8c07-699c4f1d897f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8(**@T ]Ɋ& !XT F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d577e36e-5c84-4d44-8c07-699c4f1d897f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@T ]Ɋ& !XT F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d577e36e-5c84-4d44-8c07-699c4f1d897f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8T ]Ɋ& !XT F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d577e36e-5c84-4d44-8c07-699c4f1d897f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8T ]Ɋ& !XT F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d577e36e-5c84-4d44-8c07-699c4f1d897f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8T ]Ɋ& !XT F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d577e36e-5c84-4d44-8c07-699c4f1d897f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**T ]Ɋ& !T F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d577e36e-5c84-4d44-8c07-699c4f1d897f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a5d25f28-bd06-4251-997e-e70eb4784f05 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**VU ]Ɋ& !VU F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d577e36e-5c84-4d44-8c07-699c4f1d897f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a5d25f28-bd06-4251-997e-e70eb4784f05 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**XFX ]Ɋ& !XFX F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d10e6f56-935c-43e2-82dd-3852d0c99e70 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pFX ]Ɋ& !XFX F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d10e6f56-935c-43e2-82dd-3852d0c99e70 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pFX ]Ɋ& !XFX F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d10e6f56-935c-43e2-82dd-3852d0c99e70 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**hFX ]Ɋ& !XFX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d10e6f56-935c-43e2-82dd-3852d0c99e70 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**hFX ]Ɋ& !XFX F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d10e6f56-935c-43e2-82dd-3852d0c99e70 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c5fh**hFX ]Ɋ& !XFX F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d10e6f56-935c-43e2-82dd-3852d0c99e70 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**FX ]Ɋ&  !FX F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d10e6f56-935c-43e2-82dd-3852d0c99e70 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=88d3abf6-8479-453b-8b9e-8f05fb76a46f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**(Y ]Ɋ& !(Y F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d10e6f56-935c-43e2-82dd-3852d0c99e70 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=88d3abf6-8479-453b-8b9e-8f05fb76a46f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**(Y ]Ɋ& '!X(Y F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=01b41a1f-7783-49c8-a85f-3d1068080150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(n-US')))}} | ]Ɋ& dOX(Y F&=4.0 RunspaceId=05b97a29-5779-4591-86c8-1d2068c80fb5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os3I( F&on=4.0 HostId=0952fba2-9eb0-4d74-a337-b97984ae6d56 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be624378-7fae-47cc-a3d5-cd94c6877c44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X:y ɈElfChnk0}ֻMu=VysMc&&** (Y ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X(Y F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=01b41a1f-7783-49c8-a85f-3d1068080150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt **(Y ]Ɋ& ;!X(Y F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=01b41a1f-7783-49c8-a85f-3d1068080150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**(Y ]Ɋ& 3!X(Y F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=01b41a1f-7783-49c8-a85f-3d1068080150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma**(Y ]Ɋ& 3!X(Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=01b41a1f-7783-49c8-a85f-3d1068080150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0**(Y ]Ɋ& 5!X(Y F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=01b41a1f-7783-49c8-a85f-3d1068080150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0(Y ]Ɋ& !(Y F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=01b41a1f-7783-49c8-a85f-3d1068080150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=029f5458-cec2-4749-b7b3-cd92846d2dba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI0**@ ZZ ]Ɋ& ! ZZ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=01b41a1f-7783-49c8-a85f-3d1068080150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=029f5458-cec2-4749-b7b3-cd92846d2dba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**o+ ]Ɋ& )!Xo+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6b0bf820-9540-4657-9936-0bf43fff5217 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**o+ ]Ɋ& A!Xo+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6b0bf820-9540-4657-9936-0bf43fff5217 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ntiv**o+ ]Ɋ& =!Xo+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6b0bf820-9540-4657-9936-0bf43fff5217 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**o+ ]Ɋ& 5!Xo+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6b0bf820-9540-4657-9936-0bf43fff5217 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d5**o+ ]Ɋ& 5!Xo+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6b0bf820-9540-4657-9936-0bf43fff5217 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um**o+ ]Ɋ& 7!Xo+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6b0bf820-9540-4657-9936-0bf43fff5217 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0o+ ]Ɋ& !o+ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6b0bf820-9540-4657-9936-0bf43fff5217 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=99ac8159-a811-4697-b693-16b23d7f6970 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@- ]Ɋ& !- F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6b0bf820-9540-4657-9936-0bf43fff5217 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=99ac8159-a811-4697-b693-16b23d7f6970 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= @**X- ]Ɋ& !X- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d06d7919-52c8-4b3e-8d11-a0069f48e1a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==X**p- ]Ɋ& !X- F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d06d7919-52c8-4b3e-8d11-a0069f48e1a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=)dTp**h- ]Ɋ& !X- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d06d7919-52c8-4b3e-8d11-a0069f48e1a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`- ]Ɋ& !X- F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d06d7919-52c8-4b3e-8d11-a0069f48e1a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`- ]Ɋ& !X- F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d06d7919-52c8-4b3e-8d11-a0069f48e1a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h- ]Ɋ& !X- F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d06d7919-52c8-4b3e-8d11-a0069f48e1a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**- ]Ɋ&  !- F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d06d7919-52c8-4b3e-8d11-a0069f48e1a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=307fb7af-79d8-4b8c-9e4c-012d7dd60b10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ҹ**2- ]Ɋ& !2- F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d06d7919-52c8-4b3e-8d11-a0069f48e1a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=307fb7af-79d8-4b8c-9e4c-012d7dd60b10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**82- ]Ɋ& !X2- F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=78d1a62e-4ccc-4908-be4d-4283b95a87cc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P2- ]Ɋ& !X2- F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=78d1a62e-4ccc-4908-be4d-4283b95a87cc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P2- ]Ɋ& !X2- F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=78d1a62e-4ccc-4908-be4d-4283b95a87cc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H2- ]Ɋ& !X2- F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=78d1a62e-4ccc-4908-be4d-4283b95a87cc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H2- ]Ɋ& !X2- F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=78d1a62e-4ccc-4908-be4d-4283b95a87cc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H2- ]Ɋ& !X2- F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=78d1a62e-4ccc-4908-be4d-4283b95a87cc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**2- ]Ɋ& !2- F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=78d1a62e-4ccc-4908-be4d-4283b95a87cc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9e7305b3-4ea6-42e2-8fa2-1bc709127a16 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****2- ]Ɋ& !2- F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=78d1a62e-4ccc-4908-be4d-4283b95a87cc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9e7305b3-4ea6-42e2-8fa2-1bc709127a16 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**X2. ]Ɋ& !X2. F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=565ad36b-59a6-45bd-b52c-dccacd439561 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginX**p2. ]Ɋ& !X2. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=565ad36b-59a6-45bd-b52c-dccacd439561 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**h2. ]Ɋ& !X2. F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=565ad36b-59a6-45bd-b52c-dccacd439561 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leh**`2. ]Ɋ& !X2. F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=565ad36b-59a6-45bd-b52c-dccacd439561 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H`**`2. ]Ɋ& !X2. F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=565ad36b-59a6-45bd-b52c-dccacd439561 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`2. ]Ɋ& !X2. F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=565ad36b-59a6-45bd-b52c-dccacd439561 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**2. ]Ɋ& !2. F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=565ad36b-59a6-45bd-b52c-dccacd439561 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=824ef645-d2b8-40ed-a63d-fb1920c063ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**2. ]Ɋ& !2. F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=565ad36b-59a6-45bd-b52c-dccacd439561 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=824ef645-d2b8-40ed-a63d-fb1920c063ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**(2. ]Ɋ& !X2. F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bc44ba28-6db8-4f5e-af50-0b4ee3ea2e5e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@2. ]Ɋ& !X2. F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bc44ba28-6db8-4f5e-af50-0b4ee3ea2e5e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l@**@2. ]Ɋ& !X2. F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bc44ba28-6db8-4f5e-af50-0b4ee3ea2e5e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= en@**82. ]Ɋ& !X2. F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bc44ba28-6db8-4f5e-af50-0b4ee3ea2e5e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**82. ]Ɋ& !X2. F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bc44ba28-6db8-4f5e-af50-0b4ee3ea2e5e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FX8**82. ]Ɋ& !X2. F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bc44ba28-6db8-4f5e-af50-0b4ee3ea2e5e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**2. ]Ɋ& !2. F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bc44ba28-6db8-4f5e-af50-0b4ee3ea2e5e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d5ce474d-d247-4ac9-8194-5245fbded65c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='i**c/ ]Ɋ& !c/ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bc44ba28-6db8-4f5e-af50-0b4ee3ea2e5e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d5ce474d-d247-4ac9-8194-5245fbded65c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | f**X/ ]Ɋ& !X/ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9eeec934-63a9-4477-ad0c-c8f859ff2e98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p/ ]Ɋ& !X/ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9eeec934-63a9-4477-ad0c-c8f859ff2e98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=op**p/ ]Ɋ& !X/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9eeec934-63a9-4477-ad0c-c8f859ff2e98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,Dp**h/ ]Ɋ& !X/ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9eeec934-63a9-4477-ad0c-c8f859ff2e98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nabhd | Out-Stri ]Ɋ& d=X/ F&6877c44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X:y ɈElfChnk33 j&Mu=VysMc&&**h / ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!X/ F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9eeec934-63a9-4477-ad0c-c8f859ff2e98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **h/ ]Ɋ& !X/ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9eeec934-63a9-4477-ad0c-c8f859ff2e98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**/ ]Ɋ&  !/ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9eeec934-63a9-4477-ad0c-c8f859ff2e98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ecd5db95-407c-4cfe-862e-9d2bae44cf4a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**-1 ]Ɋ& !-1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9eeec934-63a9-4477-ad0c-c8f859ff2e98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ecd5db95-407c-4cfe-862e-9d2bae44cf4a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**-1 ]Ɋ& '!X-1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=08addf3c-744d-4535-bfc4-c0a3a4d0b5c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**-1 ]Ɋ& ?!X-1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=08addf3c-744d-4535-bfc4-c0a3a4d0b5c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**-1 ]Ɋ& ;!X-1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=08addf3c-744d-4535-bfc4-c0a3a4d0b5c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bf4**-1 ]Ɋ& 3!X-1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=08addf3c-744d-4535-bfc4-c0a3a4d0b5c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** -1 ]Ɋ& 3!X-1  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=08addf3c-744d-4535-bfc4-c0a3a4d0b5c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=43f** -1 ]Ɋ& 5!X-1  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=08addf3c-744d-4535-bfc4-c0a3a4d0b5c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0 -1 ]Ɋ& !-1  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=08addf3c-744d-4535-bfc4-c0a3a4d0b5c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c6197cba-79c8-4316-a583-e93f50a4de43 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@ P1 ]Ɋ& !P1  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=08addf3c-744d-4535-bfc4-c0a3a4d0b5c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c6197cba-79c8-4316-a583-e93f50a4de43 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@** U: ]Ɋ& )!XU:  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ade20771-62f2-4f54-a3a1-16fb449f1cb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **U: ]Ɋ& A!XU: F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ade20771-62f2-4f54-a3a1-16fb449f1cb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**U: ]Ɋ& =!XU: F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ade20771-62f2-4f54-a3a1-16fb449f1cb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**U: ]Ɋ& 5!XU: F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ade20771-62f2-4f54-a3a1-16fb449f1cb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**U: ]Ɋ& 5!XU: F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ade20771-62f2-4f54-a3a1-16fb449f1cb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**U: ]Ɋ& 7!XU: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ade20771-62f2-4f54-a3a1-16fb449f1cb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0U: ]Ɋ& !U: F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ade20771-62f2-4f54-a3a1-16fb449f1cb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6ce87167-44c8-4457-811e-44a52ff30066 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@: ]Ɋ& !: F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ade20771-62f2-4f54-a3a1-16fb449f1cb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6ce87167-44c8-4457-811e-44a52ff30066 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**XP: ]Ɋ& !XP: F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5cefbd9a-7959-4dc6-ba3a-7f40ff6f12e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pP: ]Ɋ& !XP: F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5cefbd9a-7959-4dc6-ba3a-7f40ff6f12e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**hP: ]Ɋ& !XP: F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5cefbd9a-7959-4dc6-ba3a-7f40ff6f12e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`P: ]Ɋ& !XP: F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5cefbd9a-7959-4dc6-ba3a-7f40ff6f12e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`P: ]Ɋ& !XP: F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5cefbd9a-7959-4dc6-ba3a-7f40ff6f12e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hP: ]Ɋ& !XP: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5cefbd9a-7959-4dc6-ba3a-7f40ff6f12e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**P: ]Ɋ&  !P: F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5cefbd9a-7959-4dc6-ba3a-7f40ff6f12e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4f79e09c-976c-4129-9e53-780d26c75ae5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**P: ]Ɋ& !P: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5cefbd9a-7959-4dc6-ba3a-7f40ff6f12e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4f79e09c-976c-4129-9e53-780d26c75ae5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8P: ]Ɋ& !XP: F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=088d833e-5b98-46e5-9bd4-d7e7dd56b86c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**PP: ]Ɋ& !XP: F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=088d833e-5b98-46e5-9bd4-d7e7dd56b86c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**PP: ]Ɋ& !XP: F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=088d833e-5b98-46e5-9bd4-d7e7dd56b86c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**H P: ]Ɋ& !XP:  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=088d833e-5b98-46e5-9bd4-d7e7dd56b86c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**H!P: ]Ɋ& !XP:! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=088d833e-5b98-46e5-9bd4-d7e7dd56b86c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**H"P: ]Ɋ& !XP:" F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=088d833e-5b98-46e5-9bd4-d7e7dd56b86c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**#P: ]Ɋ& !P:# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=088d833e-5b98-46e5-9bd4-d7e7dd56b86c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c7f0fcc1-75cf-4724-b756-844e09ed431a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**$P: ]Ɋ& !P:$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=088d833e-5b98-46e5-9bd4-d7e7dd56b86c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c7f0fcc1-75cf-4724-b756-844e09ed431a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X%: ]Ɋ& !X:% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=867b1332-3fc8-4167-a09a-a79ab9209778 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**p&: ]Ɋ& !X:& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=867b1332-3fc8-4167-a09a-a79ab9209778 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**h': ]Ɋ& !X:' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=867b1332-3fc8-4167-a09a-a79ab9209778 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`(: ]Ɋ& !X:( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=867b1332-3fc8-4167-a09a-a79ab9209778 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`): ]Ɋ& !X:) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=867b1332-3fc8-4167-a09a-a79ab9209778 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`*: ]Ɋ& !X:* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=867b1332-3fc8-4167-a09a-a79ab9209778 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**+: ]Ɋ& !:+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=867b1332-3fc8-4167-a09a-a79ab9209778 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0437ffec-8dc8-4e8d-a6d9-498c9725846e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**,: ]Ɋ& !:, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=867b1332-3fc8-4167-a09a-a79ab9209778 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0437ffec-8dc8-4e8d-a6d9-498c9725846e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(-: ]Ɋ& !X:- F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ca328519-ced1-4773-a3ef-d7fed4118383 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@.: ]Ɋ& !X:. F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ca328519-ced1-4773-a3ef-d7fed4118383 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@/: ]Ɋ& !X:/ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ca328519-ced1-4773-a3ef-d7fed4118383 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@**80: ]Ɋ& !X:0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ca328519-ced1-4773-a3ef-d7fed4118383 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da8**81: ]Ɋ& !X:1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ca328519-ced1-4773-a3ef-d7fed4118383 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\Un8**82: ]Ɋ& !X:2 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ca328519-ced1-4773-a3ef-d7fed4118383 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on8**3: ]Ɋ& !:3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ca328519-ced1-4773-a3ef-d7fed4118383 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=08e810dc-bead-4946-9533-c4d16b50652d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id CommandNam ]Ɋ&  :4 F&:y ɈElfChnk4e4epm$+0Mu=VysMc&&** 4: ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! y!:4 F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ca328519-ced1-4773-a3ef-d7fed4118383 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=08e810dc-bead-4946-9533-c4d16b50652d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X5A: ]Ɋ& !XA:5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b30986ba-49cc-4460-9cef-46cc339b77eb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sX**p6A: ]Ɋ& !XA:6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b30986ba-49cc-4460-9cef-46cc339b77eb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**p7A: ]Ɋ& !XA:7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b30986ba-49cc-4460-9cef-46cc339b77eb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izep**h8A: ]Ɋ& !XA:8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b30986ba-49cc-4460-9cef-46cc339b77eb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**h9A: ]Ɋ& !XA:9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b30986ba-49cc-4460-9cef-46cc339b77eb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**h:A: ]Ɋ& !XA:: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b30986ba-49cc-4460-9cef-46cc339b77eb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-1h**;ײ: ]Ɋ&  !ײ:; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b30986ba-49cc-4460-9cef-46cc339b77eb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3cf4160e-46b7-4a37-9eed-00ff4cb48c66 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**<nK: ]Ɋ& !nK:< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b30986ba-49cc-4460-9cef-46cc339b77eb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3cf4160e-46b7-4a37-9eed-00ff4cb48c66 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**=: ]Ɋ& '!X:= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2918332c-8e9f-4661-8a2a-7a8236b2ea09 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4**>: ]Ɋ& ?!X:> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2918332c-8e9f-4661-8a2a-7a8236b2ea09 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1**?: ]Ɋ& ;!X:? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2918332c-8e9f-4661-8a2a-7a8236b2ea09 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta**@: ]Ɋ& 3!X:@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2918332c-8e9f-4661-8a2a-7a8236b2ea09 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**A: ]Ɋ& 3!X:A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2918332c-8e9f-4661-8a2a-7a8236b2ea09 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ate**B: ]Ɋ& 5!X:B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2918332c-8e9f-4661-8a2a-7a8236b2ea09 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**0C: ]Ɋ& !:C F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2918332c-8e9f-4661-8a2a-7a8236b2ea09 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c9300997-2d52-4d44-9773-ced620b2d582 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st0**@D1: ]Ɋ& !1:D F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2918332c-8e9f-4661-8a2a-7a8236b2ea09 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c9300997-2d52-4d44-9773-ced620b2d582 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam@**E65Þ ]Ɋ& )!X65ÞE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3adf555b-186c-4d0b-b433-fc92f88d5c10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**F65Þ ]Ɋ& A!X65ÞF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3adf555b-186c-4d0b-b433-fc92f88d5c10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**G65Þ ]Ɋ& =!X65ÞG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3adf555b-186c-4d0b-b433-fc92f88d5c10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**H65Þ ]Ɋ& 5!X65ÞH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3adf555b-186c-4d0b-b433-fc92f88d5c10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**I65Þ ]Ɋ& 5!X65ÞI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3adf555b-186c-4d0b-b433-fc92f88d5c10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**J65Þ ]Ɋ& 7!X65ÞJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3adf555b-186c-4d0b-b433-fc92f88d5c10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0K65Þ ]Ɋ& !65ÞK F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3adf555b-186c-4d0b-b433-fc92f88d5c10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2a307e23-f55f-4389-87af-f69955ffdd71 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@LcfĞ ]Ɋ& !cfĞL F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3adf555b-186c-4d0b-b433-fc92f88d5c10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2a307e23-f55f-4389-87af-f69955ffdd71 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**XMĞ ]Ɋ& !XĞM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=af220291-703a-43ad-b0b4-83d044d99067 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CX**pNĞ ]Ɋ& !XĞN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=af220291-703a-43ad-b0b4-83d044d99067 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**hOĞ ]Ɋ& !XĞO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=af220291-703a-43ad-b0b4-83d044d99067 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`PĞ ]Ɋ& !XĞP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=af220291-703a-43ad-b0b4-83d044d99067 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`QĞ ]Ɋ& !XĞQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=af220291-703a-43ad-b0b4-83d044d99067 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hRĞ ]Ɋ& !XĞR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=af220291-703a-43ad-b0b4-83d044d99067 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**SĞ ]Ɋ&  !ĞS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=af220291-703a-43ad-b0b4-83d044d99067 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=985b362a-7624-4b72-b614-96750bbdc634 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**TĞ ]Ɋ& !ĞT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=af220291-703a-43ad-b0b4-83d044d99067 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=985b362a-7624-4b72-b614-96750bbdc634 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ew**8UŞ ]Ɋ& !XŞU F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8b502baf-6787-48f9-9c91-c8eb8ab6919f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PVŞ ]Ɋ& !XŞV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8b502baf-6787-48f9-9c91-c8eb8ab6919f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PWŞ ]Ɋ& !XŞW F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8b502baf-6787-48f9-9c91-c8eb8ab6919f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HXŞ ]Ɋ& !XŞX F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8b502baf-6787-48f9-9c91-c8eb8ab6919f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HYŞ ]Ɋ& !XŞY F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8b502baf-6787-48f9-9c91-c8eb8ab6919f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**HZŞ ]Ɋ& !XŞZ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8b502baf-6787-48f9-9c91-c8eb8ab6919f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=*H**[Ş ]Ɋ& !Ş[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8b502baf-6787-48f9-9c91-c8eb8ab6919f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2b4f7646-cfc7-4e74-a232-e5e58af83d97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**\Ş ]Ɋ& !Ş\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8b502baf-6787-48f9-9c91-c8eb8ab6919f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2b4f7646-cfc7-4e74-a232-e5e58af83d97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X]Ş ]Ɋ& !XŞ] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=89411e63-d70b-4e5c-8095-64aed4db8e8e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPatX**p^Ş ]Ɋ& !XŞ^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=89411e63-d70b-4e5c-8095-64aed4db8e8e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginp**h_Ş ]Ɋ& !XŞ_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=89411e63-d70b-4e5c-8095-64aed4db8e8e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alh**``Ş ]Ɋ& !XŞ` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=89411e63-d70b-4e5c-8095-64aed4db8e8e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fi`**`aŞ ]Ɋ& !XŞa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=89411e63-d70b-4e5c-8095-64aed4db8e8e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`bŞ ]Ɋ& !XŞb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=89411e63-d70b-4e5c-8095-64aed4db8e8e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**cŞ ]Ɋ& !Şc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=89411e63-d70b-4e5c-8095-64aed4db8e8e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=246e3c8e-2f08-4312-805a-8c38e348e892 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**d'0ƞ ]Ɋ& !'0ƞd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=89411e63-d70b-4e5c-8095-64aed4db8e8e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=246e3c8e-2f08-4312-805a-8c38e348e892 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(e'0ƞ ]Ɋ& !X'0ƞe F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1bd7baaa-1a3d-4f78-b382-a4826ef92bea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(andType= S ]Ɋ&  X'0ƞf F&  :4 F&:y ɈElfChnkff0L|6;dMu=VysMc&&**H f'0ƞ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! '!X'0ƞf F&F%g>9{p(xlMD EventDatauoData !BinarytEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1bd7baaa-1a3d-4f78-b382-a4826ef92bea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptH **@g'0ƞ ]Ɋ& !X'0ƞg F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1bd7baaa-1a3d-4f78-b382-a4826ef92bea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIn@**8h'0ƞ ]Ɋ& !X'0ƞh F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1bd7baaa-1a3d-4f78-b382-a4826ef92bea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=isp8**8i'0ƞ ]Ɋ& !X'0ƞi F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1bd7baaa-1a3d-4f78-b382-a4826ef92bea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8j'0ƞ ]Ɋ& !X'0ƞj F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1bd7baaa-1a3d-4f78-b382-a4826ef92bea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc8**k'0ƞ ]Ɋ& !'0ƞk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1bd7baaa-1a3d-4f78-b382-a4826ef92bea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e125f149-2ffc-47c9-b6b2-07acce14811d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**lTaǞ ]Ɋ& !TaǞl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1bd7baaa-1a3d-4f78-b382-a4826ef92bea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e125f149-2ffc-47c9-b6b2-07acce14811d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNa**XmǞ ]Ɋ& !XǞm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f2c30ca8-0ba4-485b-9d9b-9acbec7babdb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pnǞ ]Ɋ& !XǞn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f2c30ca8-0ba4-485b-9d9b-9acbec7babdb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**poǞ ]Ɋ& !XǞo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f2c30ca8-0ba4-485b-9d9b-9acbec7babdb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cf4p**hpǞ ]Ɋ& !XǞp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f2c30ca8-0ba4-485b-9d9b-9acbec7babdb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**hqǞ ]Ɋ& !XǞq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f2c30ca8-0ba4-485b-9d9b-9acbec7babdb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hrǞ ]Ɋ& !XǞr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f2c30ca8-0ba4-485b-9d9b-9acbec7babdb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**sȞ ]Ɋ&  !Ȟs F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f2c30ca8-0ba4-485b-9d9b-9acbec7babdb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8a85336d-3ba8-450b-8cb2-99a074c534bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**t+ɞ ]Ɋ& !+ɞt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f2c30ca8-0ba4-485b-9d9b-9acbec7babdb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8a85336d-3ba8-450b-8cb2-99a074c534bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wers**u+ɞ ]Ɋ& '!X+ɞu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c473142a-df55-473d-903d-b39708afa973 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**v+ɞ ]Ɋ& ?!X+ɞv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c473142a-df55-473d-903d-b39708afa973 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**w+ɞ ]Ɋ& ;!X+ɞw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c473142a-df55-473d-903d-b39708afa973 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**x+ɞ ]Ɋ& 3!X+ɞx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c473142a-df55-473d-903d-b39708afa973 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**y+ɞ ]Ɋ& 3!X+ɞy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c473142a-df55-473d-903d-b39708afa973 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**z+ɞ ]Ɋ& 5!X+ɞz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c473142a-df55-473d-903d-b39708afa973 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0{+ɞ ]Ɋ& !+ɞ{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c473142a-df55-473d-903d-b39708afa973 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=da04033b-33be-4550-af02-d84f02775730 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=100**@|D\ʞ ]Ɋ& !D\ʞ| F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c473142a-df55-473d-903d-b39708afa973 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=da04033b-33be-4550-af02-d84f02775730 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**}Uߊd ]Ɋ& )!XUߊd} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6ce18e1f-aa78-4bb8-9eb6-673019534257 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam**~Uߊd ]Ɋ& A!XUߊd~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6ce18e1f-aa78-4bb8-9eb6-673019534257 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**Uߊd ]Ɋ& =!XUߊd F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6ce18e1f-aa78-4bb8-9eb6-673019534257 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= A**Uߊd ]Ɋ& 5!XUߊd F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6ce18e1f-aa78-4bb8-9eb6-673019534257 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**Uߊd ]Ɋ& 5!XUߊd F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6ce18e1f-aa78-4bb8-9eb6-673019534257 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**Uߊd ]Ɋ& 7!XUߊd F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6ce18e1f-aa78-4bb8-9eb6-673019534257 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q**0Uߊd ]Ɋ& !Uߊd F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6ce18e1f-aa78-4bb8-9eb6-673019534257 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7c777ec2-cd3a-4fde-9fcc-169ec537c71a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@d ]Ɋ& !d F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6ce18e1f-aa78-4bb8-9eb6-673019534257 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7c777ec2-cd3a-4fde-9fcc-169ec537c71a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xd ]Ɋ& !Xd F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5d434a12-149f-4df2-80de-1f3f00df95a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pd ]Ɋ& !Xd F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5d434a12-149f-4df2-80de-1f3f00df95a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hd ]Ɋ& !Xd F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5d434a12-149f-4df2-80de-1f3f00df95a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`d ]Ɋ& !Xd F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5d434a12-149f-4df2-80de-1f3f00df95a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`d ]Ɋ& !Xd F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5d434a12-149f-4df2-80de-1f3f00df95a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hd ]Ɋ& !Xd F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5d434a12-149f-4df2-80de-1f3f00df95a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**d ]Ɋ&  !d F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5d434a12-149f-4df2-80de-1f3f00df95a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=86b3c5d6-5346-44b1-8530-7a0dc620d867 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Non**d ]Ɋ& !d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5d434a12-149f-4df2-80de-1f3f00df95a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=86b3c5d6-5346-44b1-8530-7a0dc620d867 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8d ]Ɋ& !Xd F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b0dcc411-6f66-4b75-8b6a-a4e72b70cfd5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s 8**Pd ]Ɋ& !Xd F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b0dcc411-6f66-4b75-8b6a-a4e72b70cfd5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNP**Pd ]Ɋ& !Xd F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b0dcc411-6f66-4b75-8b6a-a4e72b70cfd5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StaP**Hd ]Ɋ& !Xd F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b0dcc411-6f66-4b75-8b6a-a4e72b70cfd5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hd ]Ɋ& !Xd F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b0dcc411-6f66-4b75-8b6a-a4e72b70cfd5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hd ]Ɋ& !Xd F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b0dcc411-6f66-4b75-8b6a-a4e72b70cfd5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**d ]Ɋ& !d F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b0dcc411-6f66-4b75-8b6a-a4e72b70cfd5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ccb14be1-5137-419f-94bf-06eef9252880 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**d ]Ɋ& !d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b0dcc411-6f66-4b75-8b6a-a4e72b70cfd5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ccb14be1-5137-419f-94bf-06eef9252880 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XAd ]Ɋ& !XAd F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ed95d67b-0721-4b1f-a82f-3e2864ba4929 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pAd ]Ɋ& !XAd F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ed95d67b-0721-4b1f-a82f-3e2864ba4929 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndTyp= ScriptNa ]Ɋ& = XAd F&  X'0ƞf F&  :4 F&:y ɈElfChnk(xFWMu=VysMc&&**pAd ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!XAd F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ed95d67b-0721-4b1f-a82f-3e2864ba4929 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**`Ad ]Ɋ& !XAd F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ed95d67b-0721-4b1f-a82f-3e2864ba4929 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io`**`Ad ]Ɋ& !XAd F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ed95d67b-0721-4b1f-a82f-3e2864ba4929 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le`**`Ad ]Ɋ& !XAd F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ed95d67b-0721-4b1f-a82f-3e2864ba4929 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**Ad ]Ɋ& !Ad F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ed95d67b-0721-4b1f-a82f-3e2864ba4929 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0ededbf0-8a93-4c7d-a79c-f21766751186 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**Ad ]Ɋ& !Ad F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ed95d67b-0721-4b1f-a82f-3e2864ba4929 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0ededbf0-8a93-4c7d-a79c-f21766751186 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**(Ad ]Ɋ& !XAd F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=afa43faf-b93f-4f19-adc4-39785b2ecadd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@Ad ]Ɋ& !XAd F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=afa43faf-b93f-4f19-adc4-39785b2ecadd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@Ad ]Ɋ& !XAd F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=afa43faf-b93f-4f19-adc4-39785b2ecadd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 6@**8Ad ]Ɋ& !XAd F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=afa43faf-b93f-4f19-adc4-39785b2ecadd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eTi8**8Ad ]Ɋ& !XAd F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=afa43faf-b93f-4f19-adc4-39785b2ecadd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nst8**8Ad ]Ɋ& !XAd F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=afa43faf-b93f-4f19-adc4-39785b2ecadd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.08**Ad ]Ɋ& !Ad F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=afa43faf-b93f-4f19-adc4-39785b2ecadd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=14285eb5-f5cb-4e6f-aab2-f53af7627c3b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Eڍd ]Ɋ& !Eڍd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=afa43faf-b93f-4f19-adc4-39785b2ecadd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=14285eb5-f5cb-4e6f-aab2-f53af7627c3b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ǘ**Xr d ]Ɋ& !Xr d F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=80de82f1-58dd-487e-bcfc-26f8a241dbe6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pr d ]Ɋ& !Xr d F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=80de82f1-58dd-487e-bcfc-26f8a241dbe6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pr d ]Ɋ& !Xr d F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=80de82f1-58dd-487e-bcfc-26f8a241dbe6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**hr d ]Ɋ& !Xr d F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=80de82f1-58dd-487e-bcfc-26f8a241dbe6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ih**hr d ]Ɋ& !Xr d F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=80de82f1-58dd-487e-bcfc-26f8a241dbe6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**hr d ]Ɋ& !Xr d F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=80de82f1-58dd-487e-bcfc-26f8a241dbe6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**r d ]Ɋ&  !r d F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=80de82f1-58dd-487e-bcfc-26f8a241dbe6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d145655-a2b4-4cf4-83d7-8c96a179ae42 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI** d ]Ɋ& ! d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=80de82f1-58dd-487e-bcfc-26f8a241dbe6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d145655-a2b4-4cf4-83d7-8c96a179ae42 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= . |** ]Ɋ& !G> F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d7f9b1ce-ec91-4e65-b73d-d02343b730f7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=786bd069-7a81-4053-b79e-050aff2366c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=top@**XG> ]Ɋ& !XG> F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a3b46c09-c3cc-478c-b4ad-a00ec04643d1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pG> ]Ɋ& !XG> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a3b46c09-c3cc-478c-b4ad-a00ec04643d1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stp**hG> ]Ɋ& !XG> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a3b46c09-c3cc-478c-b4ad-a00ec04643d1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`G> ]Ɋ& !XG> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a3b46c09-c3cc-478c-b4ad-a00ec04643d1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n`**`G> ]Ɋ& !XG> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a3b46c09-c3cc-478c-b4ad-a00ec04643d1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**hG> ]Ɋ& !XG> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a3b46c09-c3cc-478c-b4ad-a00ec04643d1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Stah**G> ]Ɋ&  !G> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a3b46c09-c3cc-478c-b4ad-a00ec04643d1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ffa5da61-c123-4dcd-97ff-c7ee94d65408 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**G> ]Ɋ& !G> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a3b46c09-c3cc-478c-b4ad-a00ec04643d1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ffa5da61-c123-4dcd-97ff-c7ee94d65408 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**8> ]Ɋ& !X> F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=93b14a10-cc06-4999-a79f-26fd5d286cb4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**P> ]Ɋ& !X> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=93b14a10-cc06-4999-a79f-26fd5d286cb4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ueP**P> ]Ɋ& !X> F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=93b14a10-cc06-4999-a79f-26fd5d286cb4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P  ]Ɋ& F&:y XElfChnk0vMu=VysMc&&**H> ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!X> F&F%g>9{p(xlMD EventDatauoData !BinaryvFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=93b14a10-cc06-4999-a79f-26fd5d286cb4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H> ]Ɋ& !X> F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=93b14a10-cc06-4999-a79f-26fd5d286cb4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H> ]Ɋ& !X> F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=93b14a10-cc06-4999-a79f-26fd5d286cb4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ScrH**> ]Ɋ& !> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=93b14a10-cc06-4999-a79f-26fd5d286cb4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb620499-67bd-4fbb-8023-710088a85a97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**> ]Ɋ& !> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=93b14a10-cc06-4999-a79f-26fd5d286cb4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb620499-67bd-4fbb-8023-710088a85a97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**X> ]Ɋ& !X> F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4606ee27-cdec-49e6-89d8-2d5cc3a6e3ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoX**p> ]Ɋ& !X> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4606ee27-cdec-49e6-89d8-2d5cc3a6e3ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortp**h> ]Ɋ& !X> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4606ee27-cdec-49e6-89d8-2d5cc3a6e3ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bah**`> ]Ɋ& !X> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4606ee27-cdec-49e6-89d8-2d5cc3a6e3ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`> ]Ɋ& !X> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4606ee27-cdec-49e6-89d8-2d5cc3a6e3ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq`**`> ]Ɋ& !X> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4606ee27-cdec-49e6-89d8-2d5cc3a6e3ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**> ]Ɋ& !> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4606ee27-cdec-49e6-89d8-2d5cc3a6e3ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3f4373eb-f23c-43f4-9261-3745b6e7c588 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**> ]Ɋ& !> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4606ee27-cdec-49e6-89d8-2d5cc3a6e3ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3f4373eb-f23c-43f4-9261-3745b6e7c588 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **(x? ]Ɋ& !Xx? F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0ca6e9f7-e80d-4178-8c9f-c14c8e545c21 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f(**@x? ]Ɋ& !Xx? F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0ca6e9f7-e80d-4178-8c9f-c14c8e545c21 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=V@**@x? ]Ɋ& !Xx? F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0ca6e9f7-e80d-4178-8c9f-c14c8e545c21 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te'@**8x? ]Ɋ& !Xx? F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0ca6e9f7-e80d-4178-8c9f-c14c8e545c21 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent8**8x? ]Ɋ& !Xx? F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0ca6e9f7-e80d-4178-8c9f-c14c8e545c21 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t 8**8x? ]Ɋ& !Xx? F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0ca6e9f7-e80d-4178-8c9f-c14c8e545c21 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**x? ]Ɋ& !x? F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0ca6e9f7-e80d-4178-8c9f-c14c8e545c21 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e909d826-87cd-452a-825d-1f32e2cd2b4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**G@ ]Ɋ& !G@ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0ca6e9f7-e80d-4178-8c9f-c14c8e545c21 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e909d826-87cd-452a-825d-1f32e2cd2b4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ated**X8 C ]Ɋ& !X8 C F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=80a008ce-14e0-45f4-8cd3-c422be3a6756 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p8 C ]Ɋ& !X8 C F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=80a008ce-14e0-45f4-8cd3-c422be3a6756 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p8 C ]Ɋ& !X8 C F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=80a008ce-14e0-45f4-8cd3-c422be3a6756 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ultp**h8 C ]Ɋ& !X8 C F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=80a008ce-14e0-45f4-8cd3-c422be3a6756 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthh**h8 C ]Ɋ& !X8 C F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=80a008ce-14e0-45f4-8cd3-c422be3a6756 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h8 C ]Ɋ& !X8 C F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=80a008ce-14e0-45f4-8cd3-c422be3a6756 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nah**8 C ]Ɋ&  !8 C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=80a008ce-14e0-45f4-8cd3-c422be3a6756 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c8f76541-1126-4133-9ce6-f24b5b773d89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ΤC ]Ɋ& !ΤC F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=80a008ce-14e0-45f4-8cd3-c422be3a6756 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c8f76541-1126-4133-9ce6-f24b5b773d89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber=**ΤC ]Ɋ& '!XΤC F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=95cb1f2c-6e5c-4655-be10-1d18afa5365c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**ΤC ]Ɋ& ?!XΤC F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=95cb1f2c-6e5c-4655-be10-1d18afa5365c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **ΤC ]Ɋ& ;!XΤC F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=95cb1f2c-6e5c-4655-be10-1d18afa5365c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ΤC ]Ɋ& 3!XΤC F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=95cb1f2c-6e5c-4655-be10-1d18afa5365c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ou**ΤC ]Ɋ& 3!XΤC F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=95cb1f2c-6e5c-4655-be10-1d18afa5365c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cti**ΤC ]Ɋ& 5!XΤC F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=95cb1f2c-6e5c-4655-be10-1d18afa5365c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= -**0ΤC ]Ɋ& !ΤC F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=95cb1f2c-6e5c-4655-be10-1d18afa5365c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c3655848-09e0-44b6-842f-5cf1c44fcf33 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te0**@D ]Ɋ& !D F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=95cb1f2c-6e5c-4655-be10-1d18afa5365c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c3655848-09e0-44b6-842f-5cf1c44fcf33 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9-7a@**+ ]Ɋ& )!X+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=048ed73c-0c79-4278-be05-a034355063d0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**+ ]Ɋ& A!X+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=048ed73c-0c79-4278-be05-a034355063d0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mIns**+ ]Ɋ& =!X+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=048ed73c-0c79-4278-be05-a034355063d0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-c**+ ]Ɋ& 5!X+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=048ed73c-0c79-4278-be05-a034355063d0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**+ ]Ɋ& 5!X+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=048ed73c-0c79-4278-be05-a034355063d0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**+ ]Ɋ& 7!X+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=048ed73c-0c79-4278-be05-a034355063d0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0+ ]Ɋ& !+ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=048ed73c-0c79-4278-be05-a034355063d0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=63b12811-0926-4ee7-a169-c71c22b66120 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@+ ]Ɋ& !+ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=048ed73c-0c79-4278-be05-a034355063d0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=63b12811-0926-4ee7-a169-c71c22b66120 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com@**X+ ]Ɋ& !X+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=07935086-7e68-4ccc-accd-a1a2d6d39ee7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linX**p+ ]Ɋ& !X+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=07935086-7e68-4ccc-accd-a1a2d6d39ee7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manp**h+ ]Ɋ& !X+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=07935086-7e68-4ccc-accd-a1a2d6d39ee7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`+ ]Ɋ& !X+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=07935086-7e68-4ccc-accd-a1a2d6d39ee7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X+ F&XElfChnk((} fMu=VysMc&&**h+ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!X+ F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=07935086-7e68-4ccc-accd-a1a2d6d39ee7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h+ ]Ɋ& !X+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07935086-7e68-4ccc-accd-a1a2d6d39ee7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**+ ]Ɋ&  !+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=07935086-7e68-4ccc-accd-a1a2d6d39ee7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=58694703-9616-4374-8d63-448c94267ad0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FӸ**+ ]Ɋ& !+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=07935086-7e68-4ccc-accd-a1a2d6d39ee7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=58694703-9616-4374-8d63-448c94267ad0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**8+ ]Ɋ& !X+ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P+ ]Ɋ& !X+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P+ ]Ɋ& !X+ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H+ ]Ɋ& !X+ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**H+ ]Ɋ& !X+ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H+ ]Ɋ& !X+ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==H**+ ]Ɋ& !+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e503ef1b-0ef1-4d15-b109-e6529ba9ff9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**+ ]Ɋ& !+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e503ef1b-0ef1-4d15-b109-e6529ba9ff9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X;N+ ]Ɋ& !X;N+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= X**p;N+ ]Ɋ& !X;N+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-lasp**h;N+ ]Ɋ& !X;N+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Sh**`;N+ ]Ɋ& !X;N+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**` ;N+ ]Ɋ& !X;N+  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**` ;N+ ]Ɋ& !X;N+  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`** ;N+ ]Ɋ& !;N+  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9d34b185-9cde-458d-a497-02e63e62c12d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ;N+ ]Ɋ& !;N+  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9d34b185-9cde-458d-a497-02e63e62c12d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPa**( ;N+ ]Ɋ& !X;N+  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@;N+ ]Ɋ& !X;N+ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5@**@;N+ ]Ɋ& !X;N+ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ert@**8;N+ ]Ɋ& !X;N+ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wow8**8;N+ ]Ɋ& !X;N+ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0-8**8;N+ ]Ɋ& !X;N+ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fu8**;N+ ]Ɋ& !;N+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f153ef16-fe13-4aae-bfa3-106539dcc425 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd**+ ]Ɋ& !+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f153ef16-fe13-4aae-bfa3-106539dcc425 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineV**X+ ]Ɋ& !X+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p+ ]Ɋ& !X+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ep**p+ ]Ɋ& !X+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=, Ep**h+ ]Ɋ& !X+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cenh**h+ ]Ɋ& !X+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=h**h+ ]Ɋ& !X+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**+ ]Ɋ&  !+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c08c2e74-b9e6-4aa6-a58b-ae32913191c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**+ ]Ɋ& !+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c08c2e74-b9e6-4aa6-a58b-ae32913191c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsio**,I+ ]Ɋ& '!X,I+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**,I+ ]Ɋ& ?!X,I+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**,I+ ]Ɋ& ;!X,I+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ne** ,I+ ]Ɋ& 3!X,I+  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **!,I+ ]Ɋ& 3!X,I+! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ewP**",I+ ]Ɋ& 5!X,I+" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eI**0#,I+ ]Ɋ& !,I+# F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=86ec39d4-0cc2-45b0-911c-d322c354979f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me0**@$+ ]Ɋ& !+$ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=86ec39d4-0cc2-45b0-911c-d322c354979f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= @**%4 ]Ɋ& )!X4% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut-S**&4 ]Ɋ& A!X4& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 -C**'4 ]Ɋ& =!X4' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**(4 ]Ɋ& 5!X4( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on.0 HostId= ]Ɋ& icX4) F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X+ F&XElfChnk)Y)Yp;jcMu=VysMc&&**)4 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X4) F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= ***4 ]Ɋ& 7!X4* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0+4 ]Ɋ& !4+ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=79d7e7d7-b9da-49cb-ab31-2e054fed60e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@,*<4 ]Ɋ& !*<4, F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=79d7e7d7-b9da-49cb-ab31-2e054fed60e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**X-4 ]Ɋ& !X4- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**p.4 ]Ɋ& !X4. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**h/4 ]Ɋ& !X4/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`04 ]Ɋ& !X40 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`14 ]Ɋ& !X41 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h24 ]Ɋ& !X42 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**34 ]Ɋ&  !43 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8cf56c5b-4623-4f4b-8907-c51de9af2625 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **44 ]Ɋ& !44 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8cf56c5b-4623-4f4b-8907-c51de9af2625 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**854 ]Ɋ& !X45 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**P64 ]Ɋ& !X46 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**P74 ]Ɋ& !X47 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**H84 ]Ɋ& !X48 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**H94 ]Ɋ& !X49 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**H:4 ]Ɋ& !X4: F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**;4 ]Ɋ& !4; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9327b47c-e4cc-450e-9029-8c1713f7bd1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**<4 ]Ɋ& !4< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9327b47c-e4cc-450e-9029-8c1713f7bd1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**X=Wm4 ]Ɋ& !XWm4= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**p>Wm4 ]Ɋ& !XWm4> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**h?Wm4 ]Ɋ& !XWm4? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`@Wm4 ]Ɋ& !XWm4@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`AWm4 ]Ɋ& !XWm4A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`BWm4 ]Ɋ& !XWm4B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**CWm4 ]Ɋ& !Wm4C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=28aea82b-0865-4547-b5cc-617d7dcdedba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**DWm4 ]Ɋ& !Wm4D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=28aea82b-0865-4547-b5cc-617d7dcdedba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(EWm4 ]Ɋ& !XWm4E F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c(**@FWm4 ]Ɋ& !XWm4F F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@GWm4 ]Ɋ& !XWm4G F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8HWm4 ]Ɋ& !XWm4H F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8IWm4 ]Ɋ& !XWm4I F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8JWm4 ]Ɋ& !XWm4J F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**KWm4 ]Ɋ& !Wm4K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1c9565ea-02f6-44c7-b2dd-6de2dd4aa24c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**L4 ]Ɋ& !4L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1c9565ea-02f6-44c7-b2dd-6de2dd4aa24c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**XM74 ]Ɋ& !X74M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pN74 ]Ɋ& !X74N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pO74 ]Ɋ& !X74O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**hP74 ]Ɋ& !X74P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**hQ74 ]Ɋ& !X74Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca1h**hR74 ]Ɋ& !X74R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**S74 ]Ɋ&  !74S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=99ceaa75-fedc-465c-bc10-a4ed032897a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**T4 ]Ɋ& !4T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=99ceaa75-fedc-465c-bc10-a4ed032897a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**UHh4 ]Ɋ& '!XHh4U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**VHh4 ]Ɋ& ?!XHh4V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=G**WHh4 ]Ɋ& ;!XHh4W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XHh4 ]Ɋ& 3!XHh4X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**YHh4 ]Ɋ& 3!XHh4Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& XHh4Z F&) F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X+ F&XElfChnkZZp(?d nMu=VysMc&&** ZHh4 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XHh4Z F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=47c **0[Hh4 ]Ɋ& !Hh4[ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8657acf6-e493-4858-ae42-a3a5f6fa1599 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@\ 4 ]Ɋ& ! 4\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8657acf6-e493-4858-ae42-a3a5f6fa1599 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**]v ]Ɋ& )!Xv] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**^v ]Ɋ& A!Xv^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **_v ]Ɋ& =!Xv_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**`v ]Ɋ& 5!Xv` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**av ]Ɋ& 5!Xva F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **bv ]Ɋ& 7!Xvb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0cow ]Ɋ& !owc F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9ef99668-7da7-44ea-a0c7-7e8cae3401ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@dx ]Ɋ& !xd F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9ef99668-7da7-44ea-a0c7-7e8cae3401ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**Xex ]Ɋ& !Xxe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**pfx ]Ɋ& !Xxf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**hgx ]Ɋ& !Xxg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`hx ]Ɋ& !Xxh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`iB9y ]Ɋ& !XB9yi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hjB9y ]Ɋ& !XB9yj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**kB9y ]Ɋ&  !B9yk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ec3d5ed0-c533-465b-8334-24f133165a46 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**lB9y ]Ɋ& !B9yl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ec3d5ed0-c533-465b-8334-24f133165a46 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8m{ ]Ɋ& !X{m F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**Pn{ ]Ɋ& !X{n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**Po{ ]Ɋ& !X{o F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**Hp{ ]Ɋ& !X{p F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**Hq{ ]Ɋ& !X{q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ftVoH**Hr{ ]Ɋ& !X{r F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ritH**s{ ]Ɋ& !{s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0aace691-150b-47ba-9a50-bdd44e8d3600 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**t{ ]Ɋ& !{t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0aace691-150b-47ba-9a50-bdd44e8d3600 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**Xu{ ]Ɋ& !X{u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US;X**pv{ ]Ɋ& !X{v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ostVp**hw{ ]Ɋ& !X{w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`x{ ]Ɋ& !X{x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=*`**`y{ ]Ɋ& !X{y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru`**`z{ ]Ɋ& !X{z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**{{ ]Ɋ& !{{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=558b8ff7-a57d-4a90-82f9-30e0044ece9f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**|{ ]Ɋ& !{| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=558b8ff7-a57d-4a90-82f9-30e0044ece9f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(}{ ]Ɋ& !X{} F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6(**@~{ ]Ɋ& !X{~ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d@**@{ ]Ɋ& !X{ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8{ ]Ɋ& !X{ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**8{ ]Ɋ& !X{ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8{ ]Ɋ& !X{ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**{ ]Ɋ& !{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e1ed133e-1614-4d15-ae91-397650a88538 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**| ]Ɋ& !| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e1ed133e-1614-4d15-ae91-397650a88538 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**X^ ]Ɋ& !X^ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**p^ ]Ɋ& !X^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**p^ ]Ɋ& !X^ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**h^ ]Ɋ& !X^ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**h^ ]Ɋ& !X^ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**h^ ]Ɋ& !X^ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**^ ]Ɋ&  !^ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=33110b96-e41c-4bab-a3c2-91275f8ea8eb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sbe.properties ]Ɋ& Cu F&n-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& XHh4Z F&) F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X+ F&X